漏洞描述
WebLogic 是美国 Oracle 公司出品的 Java 应用服务器,WebLogic 是用于开发、集成、部署和管理大型分布式 Web 应用、网络应用和数据库应用。该漏洞是由于应用在处理反序列化输入信息时存在缺陷,攻击者可以通过发送精心构造的恶意请求,获得目标服务器的权限,并在未授权的情况下执行远程命令,最终获取服务器的权限。
Weblogic UniversalExtractor 代码执行漏洞(CVE-2020-14645)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection POC
2025-09-01 | Nexus Repository漏洞触发需要任意账户权限 body="Nexus Repository Manager" app="Nexus-Repository-Manager" -
CVE-2020-11455: LimeSurvey 4.1.11 - Path Traversal POC
2025-09-01 | LimeSurveyLimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/a... -
CVE-2020-11738: WordPress Duplicator plugin Directory Traversal POC
2025-09-01 | WordPress DuplicatorThe issue is being actively exploited, and allows attackers to download arbitrary files, such as the... -
CVE-2020-11991: Apache Cocoon 2.1.12 XML Injection POC
2025-09-01 | Apache CocoonApache Cocoon 2.1.12 is susceptible to XML injection. When using the StreamGenerator, the code pars... -
CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery POC
2025-09-01 | GrafanaGrafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, wh...