| 제목 | https://github.com/Jrohy https://github.com/Jrohy/trojan v2.15.3 Command Injection |
|---|
| 설명 | There is a critical command injection (Remote Code Execution, RCE) vulnerability in the /trojan/log endpoint of the jrohy-trojan web interface. The issue arises because user input from the line query parameter is concatenated directly into a shell command without proper sanitization. As a result, remote attackers can inject arbitrary shell commands, leading to full command execution on the server with the privileges of the web service. This allows attackers to compromise the server, steal sensitive data, or further escalate their attack. No authentication is required for exploitation due to CVE-2024-55215, making the vulnerability even more dangerous. |
|---|
| 원천 | ⚠️ https://github.com/Tritium0041/Jrohy-trojan-RCE-POC |
|---|
| 사용자 | Tritium (UID 50779) |
|---|
| 제출 | 2025. 05. 29. AM 10:30 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 06. 03. PM 02:50 (5 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 310966 [Jrohy trojan 까지 2.15.3 trojan/util/linux.go LogChan c 권한 상승] |
|---|
| 포인트들 | 20 |
|---|