CVE-2022-22954 PoC — VMware 多款产品代码注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22954.yaml

Associated Vulnerability

Title:VMware 多款产品代码注入漏洞 (CVE-2022-22954)
Description:Vmware Workspace One Access是美国Vmware公司的将用户身份与设备和网络信息等因素结合起来，为 Workspace One 交付的应用程序制定智能驱动的条件访问决策。 VMware 多款产品存在代码注入漏洞，该漏洞源于不正确的输入验证。远程攻击者利用该漏洞发送特制的HTTP请求并执行服务器端模板注入。

Description

VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.

File Snapshot


 id: CVE-2022-22954

info:
  name: VMware Workspace ONE Access - Server-Side Template Injection
  aut

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!