| Título | Ujcms v6.0.2 has a sensitive file reading problem |
|---|
| Descripción | Ujcms v6.0.2 has a sensitive file reading problem. When using Tomcat to deploy the project, the background zip package downloads the html directory, and modifying the dir parameter causes the source code and configuration files to be downloaded
com.ujcms.cms.core.web.backendapi.AbstractWebFileController#downloadZip
The dir parameter is allowed to be set to "WEB-INF/", and the names parameter is allowed to be set to "classes", so that the source code and web configuration files can be downloaded directly.(There is no html directory by default, you can create it directly through the function) |
|---|
| Fuente | ⚠️ https://github.com/ujcms/ujcms/issues/6 |
|---|
| Usuario | keecth (UID 44296) |
|---|
| Sumisión | 2023-06-06 08:03 (hace 3 años) |
|---|
| Moderación | 2023-06-14 07:21 (8 days later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 231502 [UJCMS hasta 6.0.2 ZIP Package dir divulgación de información] |
|---|
| Puntos | 20 |
|---|