| Title | Ujcms v6.0.2 has a sensitive file reading problem |
|---|---|
| Description | Ujcms v6.0.2 has a sensitive file reading problem. When using Tomcat to deploy the project, the background zip package downloads the html directory, and modifying the dir parameter causes the source code and configuration files to be downloaded.<br>com.ujcms.cms.core.web.backendapi.AbstractWebFileController#downloadZip<br>The dir parameter is allowed to be set to "WEB-INF/", and the names parameter is allowed to be set to "classes", so that the source code and web configuration files can be downloaded directly. (There is no html directory by default, you can create it directly through the function) |
| Source | ⚠️ https://github.com/ujcms/ujcms/issues/6 |
| User | keecth (UID 44296) |
| Submission | 06/06/2023 08:03 AM (3 years ago) |
| Moderation | 14/06/2023 07:21 AM (8 days later) |
| Status | Accepted |
| VulDB entry | 231502 [UJCMS up to 6.0.2 ZIP Package dir information disclosure] |
| Points | 20 |