Submit #757704: HummerRisk <=1.5.0 Command Injection

Title: HummerRisk <=1.5.0 Command Injection
Description: A critical command injection vulnerability exists in the HummerRisk cloud compliance scanning functionality. Authenticated attackers can inject arbitrary shell commands through cloud account configuration fields, including region settings and proxy configurations. When cloud compliance scans are triggered, these malicious commands execute with the privileges of the HummerRisk application, leading to remote code execution.
Source: ⚠️ https://github.com/AnalogyC0de/public_exp/issues/10
User: Ana10gy (UID 93358)
Submission: 13/02/2026 10h32 (2 months ago)
Moderation: 23/02/2026 19h51 (10 days later)
Status: Accepted
VulDB entry: 347417 [HummerRisk up to 1.5.0 Cloud Compliance Scanning PlatformUtils.java fixedCommand privilege escalation]
Points: 19
