Skip to content

Commit 1301717

Browse files
committed
add: AVE-2026-0052
1 parent 505cfc8 commit 1301717

1 file changed

Lines changed: 27 additions & 0 deletions

File tree

vulns/2026/AVE-2026-0052.toml

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
[basic]
2+
description = "奇安信网神 SecGate 3600 防火墙的 obj_app_upfile 接口存在任意文件上传漏洞(CWE-434)。攻击者可通过构造特制的 multipart 请求包,向服务器上传包含恶意代码的 PHP 文件,从而获取服务器完全控制权限。该漏洞影响 SecGate 3600 系列防火墙设备,危害严重。"
3+
published = "2026-07-15"
4+
remediation = "升级 SecGate 3600 防火墙固件至最新安全版本,限制 obj_app_upfile 接口的访问来源 IP,并在 Web 应用防火墙上添加文件上传检测规则以拦截恶意文件。"
5+
score = 9.8
6+
severity = "CRITICAL"
7+
sources = ["nuclei"]
8+
title = "奇安信网神 SecGate 3600 防火墙 obj_app_upfile 接口任意文件上传漏洞"
9+
updated = "2026-07-15"
10+
11+
[exploit]
12+
exp_urls = []
13+
poc_urls = ["https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/secworld/secgate-3600-file-upload.yaml"]
14+
15+
[id]
16+
aliases = ["NUCLEI-HTTP-VULNERABILITIES-SECWORLD-SECGATE-3600-FILE-UPLOAD-YAML"]
17+
ave_id = "AVE-2026-0052"
18+
19+
[meta]
20+
collected_at = "2026-07-15T01:53:16.157389923+00:00"
21+
status = "completed"
22+
23+
[references]
24+
urls = [
25+
"https://peiqi.wgpsec.org/wiki/iot/%E5%A5%87%E5%AE%89%E4%BF%A1/%E7%BD%91%E7%A5%9E%20SecGate%203600%20%E9%98%B2%E7%81%AB%E5%A2%99%20obj_app_upfile%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.html",
26+
"https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/%E5%A5%87%E5%AE%89%E4%BF%A1/%E7%BD%91%E7%A5%9E%20SecGate%203600%20%E9%98%B2%E7%81%AB%E5%A2%99%20obj_app_upfile%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md",
27+
]

0 commit comments

Comments
 (0)