CVE-2018-25320— ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution

ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

对生成代码的控制不恰当(代码注入)

ACL Analytics 代码注入漏洞

ACL Analytics是ACL公司的一个支持审计分析、数据挖掘与风险监测的数据分析平台。 ACL Analytics 11.x版本至13.0.0.579版本存在代码注入漏洞，该漏洞源于利用EXECUTE函数，可能导致攻击者执行任意命令，通过bitsadmin下载恶意PowerShell脚本并以系统权限执行，建立反向shell并获得完全系统控制。

N/A

N/A