| 제목 | Ujcms v6.0.2 has a sensitive file reading problem |
|---|
| 설명 | Ujcms v6.0.2 has a sensitive file reading problem. When using Tomcat to deploy the project, the background zip package downloads the html directory, and modifying the dir parameter causes the source code and configuration files to be downloaded
com.ujcms.cms.core.web.backendapi.AbstractWebFileController#downloadZip
The dir parameter is allowed to be set to "WEB-INF/", and the names parameter is allowed to be set to "classes", so that the source code and web configuration files can be downloaded directly.(There is no html directory by default, you can create it directly through the function) |
|---|
| 원천 | ⚠️ https://github.com/ujcms/ujcms/issues/6 |
|---|
| 사용자 | keecth (UID 44296) |
|---|
| 제출 | 2023. 06. 06. AM 08:03 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 06. 14. AM 07:21 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 231502 [UJCMS 까지 6.0.2 ZIP Package dir 정보 공개] |
|---|
| 포인트들 | 20 |
|---|