| 标题 | aaluoxiang https://gitee.com/aaluoxiang/oa_system 20250228 latest version Absolute Path Traversal |
|---|
| 描述 | The open source OA office automation system [aaluoxiang/oa_system](https://gitee.com/aaluoxiang/oa_system) has another API with an arbitrary file read vulnerability (route is "show/**"), which allows attackers to read files in any path on the server, resulting in sensitive information leakage. |
|---|
| 来源 | ⚠️ https://github.com/honorseclab/vulns/blob/main/aaluoxiang_oasystem/ArbitaryFileRead02.md |
|---|
| 用户 | Anonymous User |
|---|
| 提交 | 2025-05-28 10時59分 (1 年前) |
|---|
| 管理 | 2025-06-03 18時33分 (6 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 310995 [aaluoxiang oa_system 直到 5b445a6227b51cee287bd0c7c33ed94b801a82a5 ProcedureController.java image 目录遍历] |
|---|
| 积分 | 18 |
|---|