
AsiaInfo Security: 2024 Live-Network Attack-Defense Exercise, Collection of Must-Fix High-Risk Vulnerabilities

2024-05-29 - AsiaInfo Security x***

An in-depth assessment from a professional red-team perspective, helping enterprises build solid defenses

Contents

1. Overview
2. Latest must-fix vulnerabilities for the 2024 attack-defense exercise
3. Historical must-fix vulnerabilities for the 2024 attack-defense exercise
3.1 ZenTao project management system authentication bypass vulnerability
3.2 Primeton EOS Platform jmx deserialization leading to remote code execution vulnerability
3.3 IP-guard WebServer permission bypass vulnerability
3.4 Weaver E-Office10 deserialization vulnerability
3.5 Jenkins arbitrary file read vulnerability
3.6 Yonyou YonBIP ServiceDispatcher remote code execution vulnerability
3.7 Esafenet electronic document security management system remote code execution vulnerability
3.8 GitLab arbitrary user password reset vulnerability
3.9 kkFileView zipslip remote code execution vulnerability
3.10 Palo Alto Networks PAN-OS command injection vulnerability
3.11 Yonyou NC registerServlet deserialization remote code execution vulnerability
3.12 Esafenet electronic document security management system hiddenWatermark/uploadFile file upload vulnerability
3.13 Atlassian Confluence template/aui/text-inline.vm code execution vulnerability
3.14 Esafenet electronic document security management system AutoSignService1 interface remote code execution vulnerability
3.15 Esafenet electronic document security management system CDG AuthoriseTempletService1 interface remote code execution vulnerability
3.16 Baota Cloud WAF get_site_status path server_name parameter SQL injection vulnerability
3.17 Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)
3.18 Feiyuxing enterprise intelligent Internet behavior management system /send_order.cgi?parameter=operation command execution vulnerability
3.19 Chanjet T+ /tplus/UFAQD/InitServerInfo.aspx SQL injection vulnerability
3.20 D-Link NAS /cgi-bin/nas_sharing.cgi command execution vulnerability
3.21 Seeyon FE /sysform/003/editflow_manager.jsp SQL injection vulnerability
3.22 Jeecg /api/../commonController.do file upload vulnerability
3.23 Ruijie RG-EW1200G /api/sys/login permission bypass vulnerability
3.24 Chanjet T+ /tplus/UFAQD/KeyInfoList.aspx SQL injection vulnerability
3.25 Fortinet FortiOS code execution vulnerability
3.26 Jeecg jeecgFormDemoController JNDI code execution vulnerability
3.27 Kingdee Apusic loadTree JNDI injection
3.28 Kingdee Apusic deployApp arbitrary file upload vulnerability
3.29 Apache Struts2 directory traversal vulnerability
3.30 Kingdee Cloud Galaxy /ScpSupRegHandler path arbitrary file upload vulnerability
3.31 Atlassian Confluence remote code execution vulnerability
3.32 F5 BIG-IP TMUI remote code execution vulnerability
3.33 Apache ActiveMQ service port remote code execution vulnerability
3.34 Kingsoft Endpoint Security System V9.0 SQL injection vulnerability
3.35 Kingdee EAS /myUploadFile.do path arbitrary file upload vulnerability
3.36 Citrix ADC & Citrix Gateway session token leak vulnerability
3.37 Weaver E-Office 10 /eoffice10/server/public/api/welink/welink-move remote code execution vulnerability
3.38 Yonyou GRP-U8 /u8qx/bx_historyDataCheck.jsp SQL injection vulnerability
3.39 Yonyou U8 Cloud /ServiceDispatcherServlet deserialization vulnerability
3.40 JumpServer bastion host session replay unauthorized access vulnerability
3.41 Seeyon OA front-end arbitrary user password reset vulnerability
3.42 iDocView /html/2word remote code execution vulnerability
3.43 JeecgBoot JimuReport testConnection JDBC remote code execution
3.44 Dahua DSS integrated