CVE-2020-25223 PoC — Sophos SG UTM 操作系统命令注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-25223.yaml

Associated Vulnerability

Title:Sophos SG UTM 操作系统命令注入漏洞 (CVE-2020-25223)
Description:Sophos SG UTM是英国Sophos的一款安全网关。该产品用于保护局域网内的计算机节点。 Sophos SG UTM WebAdmin 存在操作系统命令注入漏洞，攻击者可利用该漏洞远程执行代码，以下产品及版本受到影响：v9.705 MR5版本, v9.607 MR7版本, v9.511 MR11版本。

Description

Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.

File Snapshot


 id: CVE-2020-25223

info:
  name: Sophos UTM Preauth - Remote Code Execution
  author: gy741
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!