漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
AnyShare ServiceAgent API Unauthenticated RCE
Vulnerability Description
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AiShu AnyShare 安全漏洞
Vulnerability Description
AiShu AnyShare是中国爱数(AiShu)公司的一款企业内容管理平台。 AiShu AnyShare存在安全漏洞,该漏洞源于ServiceAgent API未经验证且未清理输入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A