| 제목 | HummerRisk <=1.5.0 Command Injection |
|---|
| 설명 | A critical command injection vulnerability exists in the HummerRisk cloud compliance scanning functionality. Authenticated attackers can inject arbitrary shell commands through cloud account configuration fields, including region settings and proxy configurations. When cloud compliance scans are triggered, these malicious commands execute with the privileges of the HummerRisk application, leading to remote code execution. |
|---|
| 원천 | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/10 |
|---|
| 사용자 | Ana10gy (UID 93358) |
|---|
| 제출 | 2026. 02. 13. AM 10:32 (2 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 23. PM 07:51 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 347417 [HummerRisk 까지 1.5.0 Cloud Compliance Scanning PlatformUtils.java fixedCommand 권한 상승] |
|---|
| 포인트들 | 19 |
|---|