Soumettre #585885: aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Absolute Path Traversalinformation

Titreaaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Absolute Path Traversal
DescriptionThe open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has another API with an arbitrary file read vulnerability (route is "show/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage.
La source⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead02.md
Utilisateur
 Anonymous User
Soumission28/05/2025 10:59 (il y a 1 Année)
Modérer03/06/2025 18:33 (6 days later)
StatutAccepté
Entrée VulDB310995 [aaluoxiang oa_system ProcedureController.java image directory traversal]
Points18

PrécédentAperçuSuivant

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!