TGTGInsighttelegram intelligenceLIVE / telegram public index
← ᴅɪɢɪᴛᴀʟᴠɪʀᴛ ☁️ 情报站
ᴅɪɢɪᴛᴀʟᴠɪʀᴛ ☁️ 情报站 avatar

TGINSIGHT POST

Post #737

@digitalvirtstation

ᴅɪɢɪᴛᴀʟᴠɪʀᴛ ☁️ 情报站

Views3,220帖子阅读量
发布12月2日2025/12/02 15:33
Post content

帖子内容

安全公告 — CVE-2025-12914 尊敬的客户: https://nvd.nist.gov/vuln/detail/CVE-2025-12914 NVD 已公开 aaPanel(宝塔面板)CVE-2025-12914 安全漏洞。此漏洞存在于 /database?action=GetDatabaseAccess,可被远程利用进行 SQL 注入攻击,风险极高。 📌 风险说明 攻击者可远程触发 SQL 注入可能导致数据库读取、篡改或系统被入侵 漏洞 Exploit 已公开 官方尚未回应漏洞通告 📌 受影响版本 aaPanel / 宝塔面板 11.1.0 及之前版本 📌 建议客户立即采取措施 更新至最新版本(若官方已发布修补) 关闭外网直接访问面板端口(如 8888) 设置强密码并启用二步验证 检查是否存在异常登录或数据库存取 如有疑虑,请立即提交工单,我们可协助检查 ==================================== Security Advisory — CVE-2025-12914 Dear Customers, https://nvd.nist.gov/vuln/detail/CVE-2025-12914 NVD has disclosed the CVE-2025-12914 security vulnerability in aaPanel (宝塔面板). This vulnerability exists in /database?action=GetDatabaseAccess and can be exploited remotely for SQL injection attacks, posing an extremely high risk. 📌 Risk Description Can be triggered remotely by attackers SQL injection may lead to database reading, tampering, or system compromise Exploit for the vulnerability has been made public Official response to the vulnerability disclosure is pending 📌 Affected Versions aaPanel / 宝塔面板 version 11.1.0 and earlier 📌 Recommended Immediate Actions Update to the latest version (if an official patch has been released) Disable direct external access to the panel port (e.g., 8888) Set strong passwords and enable two-factor authentication Check for any abnormal logins or database access If concerned, please submit a support ticket immediately for assistance