漏洞描述
Topaz Systems SigPlus Pro ActiveX Control 3.95版本,也可能在4.29之前的其他版本中存在设计错误漏洞。远程攻击者可以通过调用暴露的不安全(1)SetLogFilePath和(2)SigMessage方法创建带有任意内容的任意文件,并借此执行任意代码。
Topaz Systems SigPlus Pro ActiveX Control多个远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-20617: Acmailer - Improper Access Control to OS Command Injection
- POC CVE-2022-4940: WCFM Membership <= 2.10.0 - Broken Access Control
- POC CVE-2025-63387: Dify v1.9.1 - Broken Access Control
- Tinycontrol LAN Controller 安全漏洞
- JeeWMS /rest/../cgUploadController.do 文件上传漏洞(CVE-2025-60268)
- POC CVE-2024-47308: Templately <= 3.1.2 - Broken Access Control
- POC CVE-2025-64525: Astro - Broken Access Control
- 友加畅捷管理系统 /Controllers/ajax/Attachment.ashx 文件读取漏洞
- 友加畅捷管理系统 /Controllers/ajax/downloadfile.ashx 文件读取漏洞
- (CVE-2025-11461)Frappe CRM 1.53.1 Dashboard Controller SQL注入漏洞
- POC CVE-2022-29081: Zoho ManageEngine - Access Control Bypass
- POC CVE-2025-12480: Triofox - Improper Access Control
- POC CVE-2025-52665: UniFi Access - Broken Access Control