CVE-2020-9047 PoC — Johnson Controls exacqVision Enterprise Manager和Web Service 数据伪造问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-9047.yaml

Associated Vulnerability

Title:Johnson Controls exacqVision Enterprise Manager和Web Service 数据伪造问题漏洞 (CVE-2020-9047)
Description:Johnson Controls exacqVision Enterprise Manager和exacqVision Web Service都是美国江森自控（Johnson Controls）公司的产品。exacqVision Enterprise Manager是一套企业视频管理软件。exacqVision Web Service是一款支持使用Web浏览器查看实时视频，搜索和播放视频的程序。 Johnson Controls exacqVision Web Service 20.06.3.0及之前版本

Description

exacqVision Web Service is susceptible to remote code execution which could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker with administrative privileges could potentiallydownload and run a malicious executable that could allow OS command injection on the system.

File Snapshot


 id: CVE-2020-9047

info:
  name: exacqVision Web Service - Remote Code Execution
  author: dwisiswan

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!