Submit #601207: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability (RCE)

Title: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability (RCE)
Description:
1. Vulnerability Name: Remote Arbitrary Code Execution Vulnerability (RCE) of Kingdee Cloud-Starry-Sky Enterprise Edition
2. Vulnerability contributor and submitter: caichaoxiong
3. Manufacturer and product information: https://www.kingdee.com/products/galaxy.html
4. Vulnerability Level: Critical.
5. Vulnerability Description: Attackers can inject malicious code into the Freemarker template engine of Kingdee Cloud Star BBC Mall (Tomcat-BBCMallSite) without authentication and exploit the security flaws of the template engine's rendering mechanism to remotely execute arbitrary code on the server side, causing a remote arbitrary code execution vulnerability (RCE). Attackers can obtain sensitive data of the Kingdee Cloud Star server and take control of the system to conduct in-depth intranet penetration attacks, posing a serious threat.
6. Repair Plan: Avoid template splicing that accepts user input data. Since version 2.3.17, the official release provides three TemplateClassResolvers for resolving classes:
   - UNRESTRICTED_RESOLVER: any class can be obtained through ClassUtil.forName(className);
   - SAFER_RESOLVER: cannot load the three classes freemarker.template.utility.JythonRuntime, freemarker.template.utility.Execute and freemarker.template.utility.ObjectConstructor;
   - ALLOWS_NOTHING_RESOLVER: no classes can be resolved.
   Therefore, you can directly use configuration.setNewBuiltinClassResolver to set it to SAFER_RESOLVER or ALLOWS_NOTHING_RESOLVER. For the dangerous built-in API functions (the API built-in is disabled by default since version 2.3.22, i.e. the setting is false by default), avoid calling configuration.setAPIBuiltinEnabled(true) just to enable the API.
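The two FreeMarker settings named in the repair plan, applied together with the "no template splicing" rule, as an added Java example that is not Kingdee's or the FreeMarker project's own code; it assumes FreeMarker 2.3.x (VERSION_2_3_31 or later) on the classpath, and the class name SafeFreemarkerConfig is my own.

```java
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Map;
import freemarker.core.HTMLOutputFormat;
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;

// Added hardening example (not Kingdee's or FreeMarker's code); assumes FreeMarker 2.3.x.
public class SafeFreemarkerConfig {

    // Build a Configuration that applies the two settings from the repair plan.
    static Configuration hardenedConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Refuse ?new on Execute, ObjectConstructor and JythonRuntime (SAFER_RESOLVER);
        // use ALLOWS_NOTHING_RESOLVER when templates never need ?new at all.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        // ?api is off by default since 2.3.22; set it explicitly so a later change is visible in code review.
        cfg.setAPIBuiltinEnabled(false);
        // HTML auto-escaping for every ${...} interpolation of a model value.
        cfg.setOutputFormat(HTMLOutputFormat.INSTANCE);
        cfg.setDefaultEncoding("UTF-8");
        return cfg;
    }

    // Render a fixed, developer-authored template. User input is passed in the data model
    // and never concatenated into the template source, so it is treated as data, not code.
    static String render(Configuration cfg, String templateSource, Map<String, Object> model)
            throws IOException, TemplateException {
        Template tpl = new Template("inline", new StringReader(templateSource), cfg);
        StringWriter out = new StringWriter();
        tpl.process(model, out);
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        Configuration cfg = hardenedConfiguration();
        // Constructed user input shaped like template syntax: it is rendered as inert, escaped text.
        String userInput = "<b>${1+1}</b>";
        System.out.println(render(cfg, "Hello ${name}", Map.of("name", userInput)));
        // Check that the resolver actually refuses one of the three blocked classes.
        try {
            render(cfg, "${\"freemarker.template.utility.Execute\"?new()}", Map.of());
        } catch (TemplateException e) {
            System.out.println("blocked by SAFER_RESOLVER: " + e.getClass().getSimpleName());
        }
    }
}
```

The second call only confirms the configuration; in production the resolver setting belongs in the single place where the application's Configuration object is created, so no code path can obtain an unrestricted one.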
Source: https://wx.mail.qq.com/s?k=-EjewV0bTnc1HRsSNE
User: caichaoxiong (UID 84060)
Submission: 20.06.2025 11:57 (12 months ago)
Moderation: 27.06.2025 07:19 (7 days later)
Status: Accepted
VulDB Entry: 314072 [Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0 Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml Remote Code Execution]
Points: 17
