| 제목 | HummerRisk <=1.5.0 Command Injection |
|---|
| 설명 | HummerRisk version <=1.5.0 contains a critical command injection vulnerability in its cloud task scheduler component. Attackers with permissions to create cloud scanning tasks can inject arbitrary operating system commands through the regionId parameter. This malicious input is stored in the database and later executed during task cleanup operations, enabling remote code execution (RCE) on the HummerRisk server.
|
|---|
| 원천 | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/8 |
|---|
| 사용자 | Ana10gy (UID 93358) |
|---|
| 제출 | 2026. 02. 13. AM 09:36 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 23. PM 07:51 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 347415 [HummerRisk 까지 1.5.0 Cloud Task Scheduler ResourceCreateService.java regionId 권한 상승] |
|---|
| 포인트들 | 20 |
|---|