CNNVD-202512-5531 Information
CNNVD ID
CNNVD-202512-5531
Related CVE
- CNNVD Published: 2025-12-31
Description (Chinese)
meterN是meterN开源的一个能源计量与监控平台。 meterN 1.2.3版本存在操作系统命令注入漏洞,该漏洞源于admin_meter2.php和admin_indicator2.php脚本中的COMMANDx和LIVECOMMANDx POST参数存在经过身份验证的远程代码执行,可能导致攻击者以管理权限执行任意系统命令。
Description (English)
MeterN is a platform for measuring and monitoring energy from the meterN open source. Version 1.2.3 has a bug in the operating system command, which originates from the presence of an identified remote code in the COMMANDx and LIVECOMMANDX POST parameters in the admin meter2.php and admin indicator2.php scripts, which may result in the aggressor executing an arbitrary system order with managerial authority.
Hazard Level
Medium
Vulnerability Type
操作系统命令注入
Affected Vendor
meterN
Published
2025-12-31
Last Modified
2026-02-24
References
https://www.metern.org/ https://web.archive.org/web/20210617084455/ https://www.exploit-db.com/exploits/50596 https://www.vulncheck.com/advisories/metern-authenticated-remote-code-execution-via-admin-scripts https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5690.php
Share on: