Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AnyShare ServiceAgent API Unauthenticated RCE
Vulnerability Description
AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to sanitize command-like payloads. An attacker can inject shell syntax that is interpreted by the backend, enabling arbitrary command execution. The vulnerability is presumed to affect builds released prior to August 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 UTC.
CVSS Information
N/A
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
AiShu AnyShare 安全漏洞
Vulnerability Description
AiShu AnyShare是中国爱数(AiShu)公司的一款企业内容管理平台。 AiShu AnyShare存在安全漏洞,该漏洞源于ServiceAgent API未经验证且未清理输入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A