Invia #585108: https://www.tongzhouyun.com/ https://gitee.com/agile-bpm/agile-bpm-basic v2.8 (the latest version code submitted as of 20250526) Code Injectioninformazioni

Titolohttps://www.tongzhouyun.com/ https://gitee.com/agile-bpm/agile-bpm-basic v2.8 (the latest version code submitted as of 20250526) Code Injection
DescrizioneThe open source low-code rapid development platform "[agile-bpm/agile-bpm-basic](https://gitee.com/agile-bpm/agile-bpm-basic)" has a code execution vulnerability that allows attackers to execute arbitrary Groovy scripts to gain full control of the victim's server.
Fonte⚠️ https://github.com/honorseclab/vulns/blob/main/AgileBPM_agile-bpm-basic/RCE.md
Utente
 Anonymous User
Sottomissione27/05/2025 03:48 (1 Anno fa)
Moderazione05/06/2025 07:14 (9 days later)
StatoAccettato
Voce VulDB311167 [Shenzhen Dashi Tongzhou Information Technology AgileBPM fino a 2.5.0 Groovy Script SysScriptController.java executeScript script escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!