إرسال #757704: HummerRisk <=1.5.0 Command Injectionالمعلومات

عنوان	HummerRisk <=1.5.0 Command Injection
الوصف	A critical command injection vulnerability exists in the HummerRisk cloud compliance scanning functionality. Authenticated attackers can inject arbitrary shell commands through cloud account configuration fields, including region settings and proxy configurations. When cloud compliance scans are triggered, these malicious commands execute with the privileges of the HummerRisk application, leading to remote code execution.
المصدر	⚠️ https://github.com/AnalogyC0de/public_exp/issues/10
المستخدم	Ana10gy (UID 93358)
ارسال	13/02/2026 10:32 AM (2 أشهر منذ)
الاعتدال	23/02/2026 07:51 PM (10 days later)
الحالة	تمت الموافقة
إدخال VulDB	347417 [HummerRisk حتى 1.5.0 Cloud Compliance Scanning PlatformUtils.java fixedCommand تجاوز الصلاحيات]
النقاط	19

Interested in the pricing of exploits?

See the underground prices here!