yangzongzhuan / RuoYi

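:tada: (RuoYi) Official repository. A permission management system based on SpringBoot that is easy to read and understand, with a clean and attractive interface. The core technology uses Spring, MyBatis and Shiro, with no other heavy dependencies. Runs out of the box.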
http://ruoyi.vip
MIT License
6.43k stars 1.9k forks

There is a remote command vulnerability that can execute any command #10

Closed f1veT closed 4 years ago

f1veT commented 4 years ago

When you install it and don't update your Shiro key, perhaps you will be attacked, so that the system can execute arbitrary commands. POC: https://github.com/wyzxxz/shiro_rce

yangzongzhuan commented 4 years ago

Thank you, it has been repaired.
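
A defensive check for the condition this report describes, a Shiro rememberMe key left at the value shipped with the project. This is an added example, not code from RuoYi or from the issue; it assumes the key is stored as a Base64 string, and the function names and the sample "shipped" key are constructed for illustration.

```python
import base64
import binascii
import secrets

AES_KEY_SIZES = (16, 24, 32)  # valid AES key lengths in bytes


def generate_cipher_key(size=16):
    """Return a fresh random AES key, Base64-encoded (assumed storage form)."""
    if size not in AES_KEY_SIZES:
        raise ValueError("AES keys are 16, 24 or 32 bytes")
    return base64.b64encode(secrets.token_bytes(size)).decode("ascii")


def _decode(key_b64):
    """Strictly decode a Base64 key; return None if it is not valid Base64."""
    try:
        return base64.b64decode(key_b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None


def audit_cipher_key(deployed, shipped_defaults):
    """Return a list of findings for a deployed rememberMe key (empty = OK).

    shipped_defaults: Base64 keys published with the project (repository
    config, documentation, samples). Anyone can read those, so a deployment
    that still uses one of them has no secret key at all.
    """
    raw = _decode(deployed)
    if raw is None:
        return ["not valid Base64"]
    findings = []
    if len(raw) not in AES_KEY_SIZES:
        findings.append("decodes to %d bytes, not an AES key size" % len(raw))
    # Compare decoded bytes so whitespace variants of the same key still match.
    if raw in {_decode(d) for d in shipped_defaults}:
        findings.append("matches a key shipped with the project; replace it")
    if len(set(raw)) < 8:
        findings.append("very few distinct bytes; key looks hand-typed")
    return findings


# Constructed sample: stands in for a key published in a project's config.
CONSTRUCTED_SHIPPED_KEY = base64.b64encode(b"0123456789abcdef").decode("ascii")

if __name__ == "__main__":
    print(audit_cipher_key(CONSTRUCTED_SHIPPED_KEY, {CONSTRUCTED_SHIPPED_KEY}))
    print(audit_cipher_key(generate_cipher_key(), {CONSTRUCTED_SHIPPED_KEY}))
```

Run the audit against the key in each deployed configuration, and replace any flagged key with the output of `generate_cipher_key()`.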