| عنوان | Beijing Weili Digital Technology Co., Ltd 微力同步 v2.21.3 Arbitrary File Read |
|---|
| الوصف | During a security assessment of the "微力同步 v2.21.3" version, I found an arbitrary file read vulnerability in the Web administration module. The core interface of this module does not implement effective identity authentication logic, which leads attackers to directly obtain the synchronization file path and construct requests by using the software Web management module to traverse and read synchronization files and system sensitive files in the target device. Corrective action must be taken immediately to ensure system safety. |
|---|
| المصدر | ⚠️ https://github.com/jjjjj-zr/jjjjjzr/issues/8 |
|---|
| المستخدم | jjjjjzr (UID 92774) |
|---|
| ارسال | 21/11/2025 03:06 PM (5 أشهر منذ) |
|---|
| الاعتدال | 06/12/2025 06:34 PM (15 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 334617 [Verysync 微力同步 حتى 2.21.3 Web Administration f96956469e7be39d الكشف عن المعلومات] |
|---|
| النقاط | 0 |
|---|