elunez eladmin Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in elunez eladmin versions through 2.7. The issue arises in the checkFile function within the file /api/deploy/upload, where improper handling of the servers argument leads to deserialization. This vulnerability can be exploited remotely during the application deployment process.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the remote server where the application is deployed.

Reproduction

To reproduce this vulnerability, first upload a file through the application's deployment interface. During this process, the checkFile function is called to verify that the deployment file exists. Manipulating the application name to include malicious payloads triggers the vulnerability, leading to remote code execution on the target server.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 7.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.