oa_system 20250228 latest version Absolute Path TraversalИнформация

Название	aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Absolute Path Traversal
Описание	The open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has another API with an arbitrary file read vulnerability (route is "show/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage.
Источник	⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead02.md
Пользователь	Anonymous User
Представление	28.05.2025 10:59 (1 Год назад)
Модерация	03.06.2025 18:33 (6 days later)
Статус	принято
Запись VulDB	310995 [aaluoxiang oa_system до 5b445a6227b51cee287bd0c7c33ed94b801a82a5 ProcedureController.java image обход каталога]
Баллы	18

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!