إرسال #757695: HummerRisk <=1.5.0 Command Injectionالمعلومات

عنوان	HummerRisk <=1.5.0 Command Injection
الوصف	HummerRisk version <=1.5.0 contains a critical command injection vulnerability in its cloud task scheduler component. Attackers with permissions to create cloud scanning tasks can inject arbitrary operating system commands through the regionId parameter. This malicious input is stored in the database and later executed during task cleanup operations, enabling remote code execution (RCE) on the HummerRisk server.
المصدر	⚠️ https://github.com/AnalogyC0de/public_exp/issues/8
المستخدم	Ana10gy (UID 93358)
ارسال	13/02/2026 09:36 AM (2 أشهر منذ)
الاعتدال	23/02/2026 07:51 PM (10 days later)
الحالة	تمت الموافقة
إدخال VulDB	347415 [HummerRisk حتى 1.5.0 Cloud Task Scheduler ResourceCreateService.java regionId تجاوز الصلاحيات]
النقاط	20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!