| Title | MxsDoc Arbitrary file download Vulnerability |
|---|---|
| Description | The get-user-avatar interface 'com.DocSystem.Controller.UserController#getUserImg' has an arbitrary file download flaw. The interface is guarded by the system interceptor and requires login to access, but the interceptor 'com.DocSystem.Controller.MyInterceptor#preHandle' has a permission bypass problem. Therefore, arbitrary file download is possible without login.<br>Impact:<br>1. Affected version: Full version<br>2. Vulnerability damage: arbitrary file download |
| Source | https://gitee.com/RainyGao/DocSys/issues/I66A3V |
| User | TGAO (UID 37046) |
| Submission | 15/12/2022 04:17 AM (4 years ago) |
| Moderation | 15/12/2022 09:36 AM (5 hours later) |
| Status | Accepted |
| VulDB Entry | 215851 [RainyGao DocSys information disclosure] |
| Points | 20 |