VMware vCenter Server /uploadova 远程代码执行漏洞(CVE-2021-21972)

漏洞描述

vSphere 是 VMware 推出的虚拟化平台套件，包含 ESXi、vCenter Server 等一系列的软件。在 vCenter Server插件中存在一个远程执行代码漏洞。未授权的攻击者可以通过开放 443 端口的服务器向 vCenter Server 发送精心构造的请求，从而在服务器上写入webshell，最终造成远程任意代码执行

相关漏洞推荐

CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload POC

2025-09-01 | VMware vCenter Server

VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A ma...
CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload POC

2025-08-01 | VMware vCenter Server

VMware vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A ma...
VMware vCenter Server /ui/vcav-bootstrap/rest/vcav-providers/provider-logo 文件读取漏洞（CVE-2021-21986）无POC

2025-02-28 | VMware vCenter Server

VMware vCenter Server 是美国威睿（VMware）公司开发的一套服务器和虚拟化管理软件。该漏洞存在于 vCenter Server 的 /ui/vcav-bootstrap/res...
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC

2025-09-12 | ShowDoc

ShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440)，该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件，包括但不限于PH...
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

2025-09-01 | Cisco HyperFlex HX Data Platform

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...

漏洞描述

PoC代码

相关漏洞推荐

CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload POC

CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload POC

VMware vCenter Server /ui/vcav-bootstrap/rest/vcav-providers/provider-logo 文件读取漏洞（CVE-2021-21986） 无POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440） 无POC

CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

VMware vCenter Server /ui/vcav-bootstrap/rest/vcav-providers/provider-logo 文件读取漏洞（CVE-2021-21986）无POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC