| タイトル | https://github.com/Jrohy https://github.com/Jrohy/trojan v2.15.3 Command Injection |
|---|
| 説明 | There is a critical command injection (Remote Code Execution, RCE) vulnerability in the /trojan/log endpoint of the jrohy-trojan web interface. The issue arises because user input from the line query parameter is concatenated directly into a shell command without proper sanitization. As a result, remote attackers can inject arbitrary shell commands, leading to full command execution on the server with the privileges of the web service. This allows attackers to compromise the server, steal sensitive data, or further escalate their attack. No authentication is required for exploitation due to CVE-2024-55215, making the vulnerability even more dangerous. |
|---|
| ソース | ⚠️ https://github.com/Tritium0041/Jrohy-trojan-RCE-POC |
|---|
| ユーザー | Tritium (UID 50779) |
|---|
| 送信 | 2025年05月29日 10:30 (1 年 ago) |
|---|
| モデレーション | 2025年06月03日 14:50 (5 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 310966 [Jrohy trojan 迄 2.15.3 trojan/util/linux.go LogChan c 特権昇格] |
|---|
| ポイント | 20 |
|---|