CVE-2019-5475 靶场: RCE 命令注入漏洞
CVE-2019-5475 CVE-2019-5475 与 CVE-2019-15588 靶场: RCE 命令注入漏洞 0x00 背景 CVE-2019-5475 是 Nexus 关于内置插件 Yum Repository 的 RCE 命令注入漏洞,其最早被披露于 hackerone,但因官方第一次修复不完整,故又衍生出了 CVE-2019-15588 漏洞。 这两个漏洞都需要以 admin 身份登录后才可以利用,但是 nexus 默
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sonatype nexus repository manager |