CVE-2021-46704 PoC — GenieACS 操作系统命令注入漏洞

Source

https://github.com/Erenlancaster/CVE-2021-46704

Associated Vulnerability

Title:GenieACS 操作系统命令注入漏洞 (CVE-2021-46704)
Description:In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing authorization check.

Description

CVE-2021-46704 Nuclei template

Readme

# OS Command Injection in GenieACS CVE-2021-46704
CVE-2021-46704 Nuclei template


![image](https://github.com/Erenlancaster/CVE-2021-46704/assets/50498704/469be353-f5f5-46fc-9a1f-009997f48156)

## Reference : 
- https://github.com/advisories/GHSA-2877-693q-pj33
- https://nvd.nist.gov/vuln/detail/CVE-2021-46704
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46704
- https://debricked.com/vulnerability-database/vulnerability/CVE-2021-46704

File Snapshot


 [4.0K]  /data/pocs/41d83b925aa0480f72828b8472cfc9d904af540a
├── [ 479]  CVE-2021-46704.yaml
└── [ 449]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!