News

Quickly deploy the vulnerability documents from Awesome-POC using docsify. Contribute to Threekiii/Vulnerability-Wiki development by creating an account on GitHub.
Security researchers have discovered a Zero-Day vulnerability in the popular Apache Struts web application framework, which is being actively exploited in the wild. Apache Struts is a free, ...
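Apache Struts is a Java-based open-source web application framework widely used for developing enterprise applications. The root cause of CVE-2024-53677 lies in Apache Struts's deprecated "FileUploadInterceptor" component, which has a path traversal flaw: an attacker can manipulate file upload parameters to bypass the security restrictions of the file upload mechanism, which makes remote execution of arbitrary code possible.
Recently, a high-severity file upload vulnerability (CVE-2024-53677) was disclosed in the Apache Struts framework, drawing wide attention from the security community. Apache Struts is an open-source MVC framework developed by the US-based Apache Foundation and widely used to build enterprise Java web applications. The severity of the vulnerability lies not only in the security threat it may pose to systems; it also highlights the potential risks of using open-source software. According to 网宿 ...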
Recent attacks have demonstrated a significant growth in Zero Days and Remote Code Execution. Kratikal has observed that threat actors have placed a special focus on Web Apps, IoT, and Open-Source ...
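Users face remote code execution risk. Apache Struts is an open-source framework that widely supports operations in many critical business sectors, including government departments, financial institutions, e-commerce platforms and airlines. According to the Common Vulnerability Scoring System (CVSS) 4.0 assessment, the vulnerability's severity score is as high as 9.5.
Vulnerability details: The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tag attributes such as id, so it is possible to pass in a value ...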
Apache Struts provided by the Apache Software Foundation contains a vulnerability where the ClassLoader may be manipulated. (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0114, CVE-2014-0116) ...