oa_system 20250228 latest version Path Traversalالمعلومات

عنوان	aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Path Traversal
الوصف	The open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has an API with an arbitrary file read vulnerability (route is "image/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage.
المصدر	⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead01.md
المستخدم	Anonymous User
ارسال	28/05/2025 10:53 AM (1 سنة منذ)
الاعتدال	03/06/2025 06:32 PM (6 days later)
الحالة	تمت الموافقة
إدخال VulDB	310994 [aaluoxiang oa_system حتى 5b445a6227b51cee287bd0c7c33ed94b801a82a5 UserpanelController.java image اجتياز الدليل]
النقاط	18