漏洞描述
<span style="color: rgba(0, 0, 0, 0.65);">portal/pt/portaltemplate/importTemplate 接口存在xml注入漏洞,</span>从而窃取服务器敏感信息
关于NC importTemplate 接口存在XML实体注入漏洞的修复通告
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-13486: Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
- POC wordfence-config-disclosure: WordPress Wordfence - Configuration File Disclosure
- POC wordfence-rules-disclosure: WordPress Wordfence - Rules File Disclosure
- POC wordfence-waf-logs-disclosure: WordPress Wordfence - WAF Logs and Data Disclosure
- POC wp-maintenance-mode-fpd: WordPress WP Maintenance Mode - Full Path Disclosure
- POC wp-wordfence-fpd: Wordfence - Full Path Disclosure
- POC wp-easy-fancybox-fpd: Easy FancyBox - Full Path Disclosure
- 微力同步-VeriSync resources 任意文件读取漏洞
- GreenCMS 路径遍历漏洞
- 用友NC及NC Cloud系统 /uapws/service/nc.itf.bap.service.IBapIOService getBapTableDatas SQL 注入漏洞
- Campcodes Advanced_voting_management_system不正确的权限分配漏洞(CVE-2025-14889)
- (CVE-2023-53873)SyncBreeze 15.2.24登录认证机制拒绝服务漏洞
- 用友NC /portal/pt/portalcombo/importCombo XML 外部实体注入漏洞