| शीर्षक | elunez eladmin <= v2.7 (2026.04.21) Command Injection |
|---|
| विवरण | A second-order stored command injection vulnerability exists in the application deployment module of elunez_eladmin. While remote script execution is an intended deployment feature, the system suffers from insecure implementation and insufficient input validation. Low-privileged users (with app:add or app:edit permissions) can bypass weak prefix validations on non-script configuration fields (such as uploadPath, deployPath, and backupPath) by utilizing shell metacharacters like newlines (\n) or command substitution ($()). Because the system uses direct string concatenation and interactive SSH shells (ChannelShell), these dormant payloads are executed with high privileges when an administrator or automated pipeline later triggers the deployment process, leading to unauthorized Remote Code Execution (RCE) and privilege escalation.
|
|---|
| स्रोत | ⚠️ https://github.com/elunez/eladmin/issues/899 |
|---|
| उपयोगकर्ता | Ana10gy (UID 93358) |
|---|
| सबमिशन | 13/05/2026 05:25 PM (22 दिन पहले) |
|---|
| संयम | 01/06/2026 03:42 PM (19 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 367646 [elunez eladmin तक 2.7 Application Deployment App.java uploadPath अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|