CVE-2025-34143 PoC — ETQ Reliance CG 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-34143.yaml

Associated Vulnerability

Title:ETQ Reliance CG 安全漏洞 (CVE-2025-34143)
Description:ETQ Reliance CG是美国ETQ公司的一款质量管理系统。 ETQ Reliance CG存在安全漏洞，该漏洞源于通过操纵用户名字段可以绕过身份验证登录为特权内部SYSTEM用户，可能导致远程代码执行。

Description

An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform. The application allowed login as the privileged internal SYSTEM user by manipulating the username field. The SYSTEM account does not require a password, enabling attackers with network access to the login page to obtain elevated access. Once authenticated, an attacker could achieve remote code execution by modifying Jython scripts within the application. This issue was resolved by introducing stricter validation logic to exclude internal accounts from public authentication workflows in version MP-4583.

File Snapshot


 id: CVE-2025-34143

info:
  name: ETQ Reliance - Authentication Bypass via Trailing Space
  author: 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!