漏洞描述
该漏洞源于h5-vcav-bootstrap-service组件的getProviderLogo函数中未对provider-logo参数做校验,直接拼接之后进行URL请求,导致漏洞的发生;攻击者通过构造特定的请求,可以访问vCenter Server服务器上的内部网络资源,并可以通过file协议访问任意文件,以及远程恶意页面加载。截止到通告发布,VMware vCenter 官方还未发布相关补丁,目前只披露7.0.2.00100,7.0.2.00000受该漏洞影响,其它受影响版本不详
VMware vCenter (7.0.2.00100) provider-logo SSRF
PoC代码
暂无相关漏洞推荐
- 天地伟业Easy7 downloadFile 任意文件读取漏洞
- POC CVE-2024-37656: GnuBoard5 5.5.16 - Open Redirect
- (CVE-2025-4617)Palo Alto Networks Prisma Browser截图控制绕过漏洞
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC CVE-2024-8852: All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
- POC CVE-2025-11749: WordPress AI Engine Plugin - Token Exposure
- POC CVE-2025-51991: XWiki <= 17.3.0 - Server-Side Template Injection (SSTI)
- Windows PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- 天地伟业Easy7 /Easy7/rest/file/downloadNote 目录遍历漏洞
- MapTiler-Tileserver-php /tileserver.php/x/1/1/1 目录遍历漏洞(CVE-2025-44137)
- POC CVE-2024-50857: GestioIP - Reflected Cross-Site Scripting
- Windows 11 PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- POC CVE-2024-0799: Arcserve Unified Data Protection - Authentication Bypass