| Название | aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Path Traversal |
|---|
| Описание | The open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has an API with an arbitrary file read vulnerability (route is "image/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage. |
|---|
| Источник | ⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead01.md |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 28.05.2025 10:53 (1 Год назад) |
|---|
| Модерация | 03.06.2025 18:32 (6 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 310994 [aaluoxiang oa_system до 5b445a6227b51cee287bd0c7c33ed94b801a82a5 UserpanelController.java image обход каталога] |
|---|
| Баллы | 18 |
|---|