Submission #601207: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability (RCE) Info

Title: Kingdee Cloud-Starry-Sky Enterprise Edition V8.2 Remote Arbitrary Code Execution Vulnerability (RCE)
Description:
1. Vulnerability name: Remote Arbitrary Code Execution Vulnerability (RCE) in Kingdee Cloud-Starry-Sky Enterprise Edition
2. Vulnerability contributor and submitter: caichaoxiong
3. Manufacturer and product information: https://www.kingdee.com/products/galaxy.html
4. Vulnerability level: Critical
5. Vulnerability description: Without authentication, an attacker can inject malicious code into the Freemarker template engine of the Kingdee Cloud Star BBC Mall (Tomcat-BBCMallSite) and abuse flaws in the template engine's rendering mechanism to execute arbitrary code remotely on the server side, i.e. a remote arbitrary code execution (RCE) vulnerability. An attacker can obtain sensitive data from the Kingdee Cloud Star server, take control of the system and use it for further intranet penetration, posing a serious threat.
6. Repair plan: Do not build templates by splicing user input into the template source. Since version 2.3.17, FreeMarker provides three TemplateClassResolver implementations for resolving classes: UNRESTRICTED_RESOLVER (any class can be obtained via ClassUtil.forName(className)); SAFER_RESOLVER (cannot load the three classes freemarker.template.utility.JythonRuntime, freemarker.template.utility.Execute and freemarker.template.utility.ObjectConstructor); ALLOWS_NOTHING_RESOLVER (no class can be resolved). Therefore, call configuration.setNewBuiltinClassResolver to set the resolver to SAFER_RESOLVER or ALLOWS_NOTHING_RESOLVER. As for the dangerous API built-in (disabled by default since version 2.3.22, i.e. the setting defaults to false), avoid calling configuration.setAPIBuiltinEnabled(true), which would enable it.
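As an added illustration of the repair plan above (example code written for this page, not Kingdee's or FreeMarker's own), the following Java snippet shows a hardened FreeMarker Configuration beside a weak one and renders untrusted input only through the data model; the class and method names (HardenedFreemarkerDemo, weakConfiguration, hardenedConfiguration, render) and the template text are assumptions.

```java
import freemarker.core.TemplateClassResolver;
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateException;
import java.io.IOException;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

public class HardenedFreemarkerDemo {
    // Weak setup (hypothetical): unrestricted class resolution and the ?api built-in enabled.
    static Configuration weakConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.UNRESTRICTED_RESOLVER);
        cfg.setAPIBuiltinEnabled(true);
        return cfg;
    }
    // Hardened setup per the repair plan: no class may be resolved via ?new, and the
    // ?api built-in stays disabled (the default since 2.3.22).
    static Configuration hardenedConfiguration() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.ALLOWS_NOTHING_RESOLVER);
        cfg.setAPIBuiltinEnabled(false);
        return cfg;
    }
    // Correct use: the template source is fixed by the application; untrusted input
    // is passed only as a data-model value, never spliced into the template text.
    static String render(Configuration cfg, String fixedTemplate, String untrustedValue)
            throws IOException, TemplateException {
        Map<String, Object> model = new HashMap<>();
        model.put("name", untrustedValue);
        Template t = new Template("popHtml", fixedTemplate, cfg);
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }
    public static void main(String[] args) throws Exception {
        Configuration cfg = hardenedConfiguration();
        // Constructed input that looks like template syntax is emitted as plain text.
        System.out.println(render(cfg, "<p>Hello ${name}</p>", "${7*7}"));
        // Under ALLOWS_NOTHING_RESOLVER any ?new call fails, even for a harmless class.
        try {
            render(cfg, "<#assign sb = \"java.lang.StringBuilder\"?new()>ok", "x");
            System.out.println("unexpected: ?new was allowed");
        } catch (TemplateException e) {
            System.out.println("blocked by class resolver: " + e.getMessage());
        }
    }
}
```

The weak configuration is included only for contrast and is never used; a server built on hardenedConfiguration() rejects the ?new call with a TemplateException instead of instantiating the class.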
Source: ⚠️ https://wx.mail.qq.com/s?k=-EjewV0bTnc1HRsSNE
User: caichaoxiong (UID 84060)
Submitted: 2025-06-20 11:57 AM (12 months ago)
Moderated: 2025-06-27 07:19 AM (7 days later)
Status: Accepted
VulDB entry: 314072 [Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0 Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml remote code execution]
Points: 17