CVE-2023-47218 PoC — QNAP多款产品命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-47218.yaml

Associated Vulnerability

Title:QNAP多款产品命令注入漏洞 (CVE-2023-47218)
Description:QNAP Systems QuTScloud等都是中国威联通科技（QNAP Systems）公司的产品。QNAP Systems QuTScloud是一种 QNAP NAS 操作系统的云端优化版本。QNAP Systems QTS是一个入门到中阶QNAP NAS 使用的操作系统。QNAP Systems QuTS hero是一个操作系统。多款QNAP产品存在命令注入漏洞。攻击者利用该漏洞通过网络执行命令。以下产品及版本受到影响：QTS 5.1.5.2645 build 20240116版本及之后版本、Q

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.

File Snapshot


 id: CVE-2023-47218

info:
  name: QNAP QTS and QuTS Hero  - OS Command Injection
  author: ritikchad

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!