| Название | MxsDoc zip slip |
|---|
| Описание | MxsDoc a file decompression loopholes exist in the web application, also called Zip Slip vulnerability(https://security.snyk.io/research/zip-slip-vulnerability).
This vulnerability can cause any file to be written, such as a malicious jsp file to the web root, thus getshell.
Impact
Affected version: less than or equal to DocSys_V2.02.37(latest version)
Condition of utilization:The administrator or super administrator rights are required
Impact:A zip slip vulnerability in this system can result in getshell
details: https://gitee.com/RainyGao/DocSys/issues/I65IYU |
|---|
| Источник | ⚠️ https://github.com/A-TGAO/MxsDocVul/blob/main/ZipSlipVul.md |
|---|
| Пользователь | TGAO (UID 37046) |
|---|
| Представление | 10.12.2022 04:29 (4 лет назад) |
|---|
| Модерация | 11.12.2022 08:47 (1 day later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 215271 [RainyGao DocSys 2.02.37 ZIP File Decompression эскалация привилегий] |
|---|
| Баллы | 16 |
|---|