Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)

Others 2021-03-30 06:30:50 views: null

Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)

Preface

Nexus Repository Manager 3 is a software repository that can be used to store and distribute software source repositories such as Maven and NuGET. In its 3.14.0 and earlier versions, there is an arbitrary JEXL expression execution function based on OrientDB custom functions, and this function has an unauthorized access vulnerability, which can lead to arbitrary command execution vulnerabilities.

Affected version

Nexus Repository Manager OSS/Pro 3.6.2 version-3.14.0 version

Vulnerability recurrence

Unauthorized login
Insert picture description here

Use the script to https://github.com/mpgn/CVE-2019-7238
change the script of the attacked host url to
Insert picture description here
run the script to rebound shell

monitoring

Guess you like

Origin blog.csdn.net/weixin_44146996/article/details/114022358

Nexus Repository Manager 3 remote command execution vulnerability (CVE-2019-7238)

Nexus Repository Manager 3 remote command execution vulnerability (CVE-2020-10199) reproduces

CVE-2019-5475: Nexus Repository Manager 2 - OS command injection vulnerability alerts

CVE-2019-15107 Webmin Remote Command Execution Vulnerability

Command Execution Vulnerability - Remote Command Execution

Nexus remote command execution CVE-2020-10199

CVE Vulnerability Reappearance-CVE-2016-10033-Remote Command Execution

Apache Solr remote command execution vulnerability CVE-2019-0193 vulnerability recurrence

Apache SSI Remote Command Execution Vulnerability

Fastjson 1.2.47 remote command execution vulnerability

Remote code/command execution vulnerability learning (1)

Remote Command Execution and Deserialization——Recovery of Struts Framework Command Execution Vulnerability

[Vulnerability recurrence] Metabase remote command execution vulnerability (CVE-2023-38646)

Nexus Repository Manager application

CVE-2020-7247: OpenSMTPD library Remote Command Execution Vulnerability Alert

Samba remote Shell command injection execution vulnerability (CVE-2007-2447)

D-Link DSL-2888A remote command execution vulnerability (CVE-2020-24581/24579)

IIS6.0 Remote Command Execution Vulnerability (CVE-2017-7269)

Binwalk Remote Command Execution Vulnerability Principle and Demonstration CVE-2022-4510

Gitlab remote command execution RCE vulnerability CVE-2021-22205 with exp

[Dry goods] Spring remote command execution vulnerability (CVE-2022-22965) principle analysis and thinking

Spring Cloud Gateway Remote Command Execution Vulnerability (CVE-2022-22947)

F5 BIG-IP has a remote command execution vulnerability (CVE-2022-1388)

Spring Messaging remote command execution vulnerability recurrence (CVE-2018-1270)

Spring Data Commons remote command execution vulnerability recurrence (CVE-2018-1273)

Spring Data Rest remote command execution vulnerability recurrence (CVE-2017-8046)

Spring Data Commons Remote Command Execution Vulnerability_CVE-2018-1273 (Desequence Runtime Method)

Juniper Networks Junos OS EX Remote Command Execution Vulnerability (CVE-2023-36845)

Use Nexus3 Repository Manager to build npm PW

vulhub漏洞复现-Nexus(CVE-2019-7238)远程代码执行漏洞

Recommended

微软回应中国区AI团队“打包赴美”传闻

Ranking

How to use ChatGPT to write 100,000+ hot articles for public accounts (includes prompt words)

sudo echo command execution Permission denied

ADO: Using Transactions to Operate Oracle Database

[Java] [Class and Object] equals, hashCode, clone methods

Linux virtual host function

Порт управления rabbitmq открыт

on,where

jQuery WeUI

How can there be a weed pilot in Hangzhou?

tcp / ip model four

Daily

More

2024-05-15(5)

2024-05-14(9)

2024-05-13(8)

2024-05-12(28)

2024-05-11(32)

2024-05-10(34)

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)