| Titre | aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Path Traversal |
|---|
| Description | The open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has an API with an arbitrary file read vulnerability (route is "image/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage. |
|---|
| La source | ⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead01.md |
|---|
| Utilisateur | Anonymous User |
|---|
| Soumission | 28/05/2025 10:53 (il y a 1 Année) |
|---|
| Modérer | 03/06/2025 18:32 (6 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 310994 [aaluoxiang oa_system UserpanelController.java image directory traversal] |
|---|
| Points | 18 |
|---|