qvidium-management-system-exposed: QVidium Management System Exposed

漏洞描述

PoC代码[已公开]

id: qvidium-management-system-exposed

info:
  name: QVidium Management System Exposed
  author: tess
  severity: medium
  description: QVidium Management System is Exposed.
  metadata:
    verified: true
    max-request: 1
    shodan-query: html:"QVidium Management"
  tags: misconfig,qvidium,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}'

    host-redirects: true
    max-redirects: 2

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'QVidium Management'
          - 'src="/cgi-bin/banner.cgi'
        condition: and

      - type: word
        part: header
        words:
          - 'text/html'

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c978d4f0677f52c6b4b875757116442b190ddcdba5f36532c3702448012e0f2a022100e04c21112ea2b144ae4f879fe6b36f592e69fc37570c7a888ef593c470a3c236:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• 泛微e-office /E-mobile/App/System/UserSelect/dept.php 未授权访问漏洞
• Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞（CVE-2025-64446/CVE-2025-58034）
• POC vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
• Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞（CVE-2025-64446）
• School Fees Payment System /student.php SQL 注入漏洞（CVE-2025-6403）
• POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
• 中成科信票务管理系统 /SystemManager/OrderManager/OrderManager.ashx 文件读取漏洞
• 亿赛通电子文档安全管理系统 /CDGServer3/logManagement/LogDownLoadService SQL 注入漏洞
• Optilink 管理系统 /cgi/fsystem/gene.php 命令执行漏洞
• HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL 注入漏洞（CVE-2025-10197）
• Code-Projects Project Monitoring System SQL注入漏洞
• CodeAstro Gym Management System SQL注入漏洞
• CodeAstro Gym Management System SQL注入漏洞