Submit #470601: KaiYuanTong ECT platform <=2.0.0 Pre-Auth Command Executioninfo

TitleKaiYuanTong ECT platform <=2.0.0 Pre-Auth Command Execution
DescriptionThe ECT platform version ≤ 2.0.0 has a code execution vulnerability in the /public/server/runCode.php file. This pre-authentication endpoint allows attackers to send a specially crafted POST request to execute arbitrary code on the server. For example, sending the request POST /server/runCode.php with the body code=<?php system('whoami'); ?> will execute the whoami command. This vulnerability can lead to unauthorized access and control over the server.
Source⚠️ https://note.zhaoj.in/share/ASPsoVCrLqKK
User
 glzjin (UID 59815)
Submission12/28/2024 06:05 AM (2 months ago)
Moderation01/08/2025 03:40 PM (11 days later)
StatusAccepted
VulDB Entry290792 [KaiYuanTong ECT Platform up to 2.0.0 HTTP POST Request runCode.php code command injection]
Points20

Do you know our Splunk app?

Download it now for free!