Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF
Vulnerability Description
Anheng Mingyu Operation and Maintenance Audit and Risk Control System up to 2023-08-10 contains a server-side request forgery (SSRF) vulnerability in the xmlrpc.sock handler. The product accepts specially crafted XML-RPC requests that can be used to instruct the server to connect to internal unix socket RPC endpoints and perform privileged XML-RPC methods. An attacker able to send such requests can invoke administrative RPC methods via the unix socket interface to create arbitrary user accounts on the system, resulting in account creation and potential takeover of the bastion host. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:17.837319 UTC.
CVSS Information
N/A
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Anheng Mingyu Operations and Maintenance Audit and Risk Control System 安全漏洞
Vulnerability Description
Anheng Mingyu Operations and Maintenance Audit and Risk Control System(安恒明御运维审计与风险控制系统)是中国安恒(Anheng)公司的一款运维安全审计、风险监控及合规控制平台。 Anheng Mingyu Operations and Maintenance Audit and Risk Control System 2023-08-10及之前版本存在安全漏洞,该漏洞源于xmlrpc.sock处理程序接受特制XML-RPC请求,可能导
CVSS Information
N/A
Vulnerability Type
N/A