| शीर्षक | Beijing Weili Digital Technology Co., Ltd 微力同步 v2.21.3 Download any file |
|---|
| विवरण | During a security assessment of the "微力同步 v2.21.3" version, I found an arbitrary file download vulnerability in the Web administration module. The core interface of this module does not implement valid identity authentication logic, which leads attackers to directly obtain synchronization files and download synchronization files and system sensitive files in the target device by using the software Web management module.Corrective action must be taken immediately to ensure system safety. |
|---|
| स्रोत | ⚠️ https://github.com/jjjjj-zr/jjjjjzr/issues/7 |
|---|
| उपयोगकर्ता | jjjjjzr (UID 92774) |
|---|
| सबमिशन | 21/11/2025 02:50 PM (5 महीनों पहले) |
|---|
| संयम | 06/12/2025 06:34 PM (15 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 334618 [Verysync 微力同步 2.21.3 Web Administration download?key=dummytoken सूचना का प्रकटीकरण] |
|---|
| अंक | 20 |
|---|