| عنوان | http://jimureport.com/ https://mvnrepository.com/artifact/org.jeecgframework.jimureport/jimureport-spring-boot-starter/1.6.1 jimureport <= 1.6.1 arbitrary file write |
|---|
| الوصف | Jimureport has the function of remotely downloading files and writing them to the server, but the file name is not verified during the download and writing process, resulting in a special file name can be constructed to write arbitrary files, and an attacker can exploit this vulnerability to write SSH public key or write WAR packages to deploy Trojan files (when the application is deployed with Tomcat). |
|---|
| المصدر | ⚠️ https://github.com/N0b1e6/exp/blob/main/README.md |
|---|
| المستخدم | N0b1e6 (UID 42939) |
|---|
| ارسال | 17/11/2023 04:14 AM (3 سنوات منذ) |
|---|
| الاعتدال | 26/11/2023 04:08 PM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 246133 [jeecgboot JimuReport حتى 1.6.1 /download/image imageUrl اجتياز الدليل] |
|---|
| النقاط | 19 |
|---|