إرسال #616920: Vaelsys Vaelsys V4 v4.1.0 Remote Code Execution in Vaelsys V4 Platformالمعلومات

عنوانVaelsys Vaelsys V4 v4.1.0 Remote Code Execution in Vaelsys V4 Platform
الوصفThe vulnerability allows arbitrary command execution by injecting malicious payloads into unfiltered user input parameters that are processed in `execute_DataObjectProc` by `testConnectivity` function located in `grid/vgrid_server.php`. Prerequisites: Valid PHP session ID (PHPSESSID) required; No authentication required.
المصدر⚠️ https://github.com/waiwai24/0101/blob/main/CVEs/Vaelsys/Remote_Code_Execution_in_Vaelsys_V4_Platform.md
المستخدم
 waiwai24 (UID 81637)
ارسال16/07/2025 11:03 AM (9 أشهر منذ)
الاعتدال26/07/2025 06:14 PM (10 days later)
الحالةتمت الموافقة
إدخال VulDB317847 [Vaelsys VaelsysV4 حتى 5.1.0/5.4.0 Web interface /grid/vgrid_server.php execute_DataObjectProc xajaxargs تجاوز الصلاحيات]
النقاط19

التالي نظرة عامة السابق

Interested in the pricing of exploits?

See the underground prices here!