| Titel | Tsinghua Unigroup Electronic Archives System 3.2.210802(62532) File and Directory Information Exposure |
|---|
| Beschreibung | A remote path traversal vulnerability in Tsinghua Unigroup Electronic Archives System 3.2.210802 (62532) allows unauthenticated attackers to retrieve arbitrary files from the underlying server via manipulation of the path parameter in the /System/Cms/downLoad interface. Exploitation of this vulnerability allows attackers to read arbitrary files on the server, which may expose sensitive configuration files, credentials, or other confidential information. |
|---|
| Quelle | ⚠️ https://github.com/luoye197-prog/cve-ziguang-filereadnew |
|---|
| Benutzer | lanmeik (UID 95270) |
|---|
| Einreichung | 23.02.2026 10:29 (vor 2 Monaten) |
|---|
| Moderieren | 07.03.2026 13:17 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 349662 [Tsinghua Unigroup Electronic Archives System 3.2.210802(62532) /System/Cms/downLoad path Directory Traversal] |
|---|
| Punkte | 20 |
|---|