Enviar #757704: HummerRisk <=1.5.0 Command Injectioninformación

Título	HummerRisk <=1.5.0 Command Injection
Descripción	A critical command injection vulnerability exists in the HummerRisk cloud compliance scanning functionality. Authenticated attackers can inject arbitrary shell commands through cloud account configuration fields, including region settings and proxy configurations. When cloud compliance scans are triggered, these malicious commands execute with the privileges of the HummerRisk application, leading to remote code execution.
Fuente	⚠️ https://github.com/AnalogyC0de/public_exp/issues/10
Usuario	Ana10gy (UID 93358)
Sumisión	2026-02-13 10:32 (hace 2 meses)
Moderación	2026-02-23 19:51 (10 days later)
Estado	Aceptado
Entrada de VulDB	347417 [HummerRisk hasta 1.5.0 Cloud Compliance Scanning PlatformUtils.java fixedCommand escalada de privilegios]
Puntos	19

Want to know what is going to be exploited?

We predict KEV entries!