# N/A
## 漏洞概述
Zeroshell 3.9.0 存在一个远程命令执行漏洞。此漏洞是由于 web 应用程序在处理某些 HTTP 参数时处理不当导致的。
## 影响版本
- Zeroshell 3.9.0
## 漏洞细节
攻击者可以通过注入操作系统命令到这些易受攻击的参数中,进而利用此漏洞。攻击无需认证即可进行。
## 影响
攻击者可以执行任意操作系统命令,可能导致系统被完全控制。
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | CVE-2019-12725 ZeroShell 远程命令执行漏洞 | https://github.com/givemefivw/CVE-2019-12725 | POC详情 |
| 2 | 漏洞POC、EXP合集,持续更新。Apache Druid-任意文件读取(CVE-2021-36749)、ConfluenceRCE(CVE-2021-26084)、ZeroShell防火墙RCE(CVE-2019-12725)、ApacheSolr任意文件读取、蓝凌OA任意文件读取、phpStudyRCE、ShowDoc任意文件上传、原创先锋后台未授权、Kyan账号密码泄露、TerraMasterTos任意文件读取、TamronOS-IPTV系统RCE、Wayos防火墙账号密码泄露 | https://github.com/sma11new/PocList | POC详情 |
| 3 | ZeroShell 3.9.0 Remote Command Injection | https://github.com/h3v0x/CVE-2019-12725-Command-Injection | POC详情 |
| 4 | ZeroShell命令执行漏洞批量扫描poc+exp | https://github.com/gougou123-hash/CVE-2019-12725 | POC详情 |
| 5 | ZeroShell 3.9.0 Remote Command Injection | https://github.com/hev0x/CVE-2019-12725-Command-Injection | POC详情 |
| 6 | The EXP/POC of CVE-2019-12725 | https://github.com/YZS17/CVE-2019-12725 | POC详情 |
| 7 | None | https://github.com/nowindows9/CVE-2019-12725-modified-exp | POC详情 |
| 8 | Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-12725.yaml | POC详情 |
| 9 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/ZeroShell%203.9.0%20%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2019-12725.md | POC详情 |
| 10 | ZeroShell 3.9.0-远程命令执行漏洞-CVE-2019-12725 | https://github.com/chaitin/xray-plugins/blob/main/poc/manual/zeroshell-cve-2019-12725-rce.yml | POC详情 |