CVEs-PoC/2020/CVE-2020-25565.md at dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-30 04:59:31 +02:00

Files

T

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, password: ims) and gain access to the portal. Once the access is available, the attacker can inject malicious OS commands on “ping”, “traceroute” and “snmp” functions and execute code on the server.

POC

Reference

https://vuln.shellcoder.party/2020/09/19/cve-2020-25565-sapphireims-unprivileged-user-remote-command-execution-on-server/

Github

No PoCs found on GitHub currently.

853 B Raw Blame History

CVE-2020-25565

Description

POC

Reference

Github

853 B

Raw Blame History