Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Sliver version 1.6.0 (prerelease) is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user.
Advisories for Golang/Github.com/Bishopfox/Sliver package
2024
2023
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in github.com/bishopfox/sliver.