| 标题 | MxsDoc zip slip |
|---|
| 描述 | MxsDoc a file decompression loopholes exist in the web application, also called Zip Slip vulnerability(https://security.snyk.io/research/zip-slip-vulnerability).
This vulnerability can cause any file to be written, such as a malicious jsp file to the web root, thus getshell.
Impact
Affected version: less than or equal to DocSys_V2.02.37(latest version)
Condition of utilization:The administrator or super administrator rights are required
Impact:A zip slip vulnerability in this system can result in getshell
details: https://gitee.com/RainyGao/DocSys/issues/I65IYU |
|---|
| 来源 | ⚠️ https://github.com/A-TGAO/MxsDocVul/blob/main/ZipSlipVul.md |
|---|
| 用户 | TGAO (UID 37046) |
|---|
| 提交 | 2022-12-10 04時29分 (4 年前) |
|---|
| 管理 | 2022-12-11 08時47分 (1 day later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 215271 [RainyGao DocSys 2.02.37 ZIP File Decompression 权限提升] |
|---|
| 积分 | 16 |
|---|