CVE-2024-0692 PoC — SolarWinds Security Event Manager 代码问题漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-0692.yaml

Associated Vulnerability

Title:SolarWinds Security Event Manager 代码问题漏洞 (CVE-2024-0692)
Description:SolarWinds Security Event Manager（SolarWinds SEM）是美国SolarWinds公司的一个安全事件管理器。用于取证和故障排除，以及帮助您管理日志数据的工具。 SolarWinds Security Event Manager 存在代码问题漏洞，该漏洞源于允许未经身份验证的用户滥用 SolarWinds 的服务，从而导致远程代码执行。

Description

The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.

File Snapshot


 id: CVE-2024-0692

info:
  name: SolarWinds Security Event Manager - Unauthenticated RCE
  author: D

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!