New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
# #59
Comments
|
这里不是做了限制吗 |
|
不是已经白名单了吗 看这里 |
|
这个作者认定不存在的漏洞 也能分配cve嘛?? |
1 similar comment
|
这个作者认定不存在的漏洞 也能分配cve嘛?? |
|
这种感觉是某种代码审计工具扫描出来的,应该自己试试再报吧,至少有个利用成功截图比较好 |
|
关键是还申请到cve了 就离谱
|
dd行为,就是好奇用的啥工具,类似于codeql吗 |
没错就是codeql |
PublicCMS v4.0 Value parameter has command execution vulnerability
Vulnerability Type :
command execution
Vulnerability Version :
4.0
##Vulnerability location:
PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/co
ntroller/admin/sys/SysSiteAdminController.java:249
Vulnerability Description AND recurrence:
Manual audit of publiccms source code,a command execution vulnerability was discovered
Vulnerable link 1: PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/contr
oller/admin/sys/SysSiteAdminController.java:211
parametersis the source of taint, value:<>(parameters是污点来源,value:<>)Vulnerable link 2:PublicCMS-4.0.202107.c/publiccms-parent/publiccms- core/src/main/java/com/publiccms/controller/admin/sys/SysSiteAdminController.java:223
The stain is passed from

parameterstocmdarray, value:<>(污点从parameters传递至cmdarray,value:<>)Vulnerable link 3:PublicCMS-4.0.202107.c/publiccms-parent/publiccms-core/src/main/java/com/publiccms/contr

oller/admin/sys/SysSiteAdminController.java:249
RCEtype risk trigger, caused by the input parametercmdarray, value:<> (RCE类型风险触发,由入参cmdarray导致,value:<>)The text was updated successfully, but these errors were encountered: