| 제목 | http://jimureport.com/ https://mvnrepository.com/artifact/org.jeecgframework.jimureport/jimureport-spring-boot-starter/1.6.1 jimureport <= 1.6.1 arbitrary file write |
|---|
| 설명 | Jimureport has the function of remotely downloading files and writing them to the server, but the file name is not verified during the download and writing process, resulting in a special file name can be constructed to write arbitrary files, and an attacker can exploit this vulnerability to write SSH public key or write WAR packages to deploy Trojan files (when the application is deployed with Tomcat). |
|---|
| 원천 | ⚠️ https://github.com/N0b1e6/exp/blob/main/README.md |
|---|
| 사용자 | N0b1e6 (UID 42939) |
|---|
| 제출 | 2023. 11. 17. AM 04:14 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 11. 26. PM 04:08 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 246133 [jeecgboot JimuReport 까지 1.6.1 /download/image imageUrl 디렉토리 순회] |
|---|
| 포인트들 | 19 |
|---|