尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Microsoft | Microsoft SharePoint Enterprise Server 2016 | 16.0.0 ~ 16.0.5513.1001 | - | |
| Microsoft | Microsoft SharePoint Server 2019 | 16.0.0 ~ 16.0.10417.20037 | - | |
| Microsoft | Microsoft SharePoint Server Subscription Edition | 16.0.0 ~ 16.0.18526.20508 | - |
| # | POC 描述 | 源链接 | 神龙链接 |
|---|---|---|---|
| 1 | Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /_layouts/15/ToolPane.aspx with a forged Referer header (/_layouts/SignOut.aspx), attackers can bypass authentication mechanisms and gain unauthorized access to protected endpoints. This vulnerability is part of the ToolShell exploit chain and is a patch bypass for CVE-2025-49706. When chained with CVE-2025-53770 (deserialization vulnerability), it enables unauthenticated remote code execution on SharePoint Server. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-53771.yaml | POC详情 |
未找到公开 POC。
登录以生成 AI POC暂无评论