漏洞描述
PowerPMS是上海普华科技发展股份有限公司自主研发的移动端工程项目管理产品。它支持中英文切换,可与普华的PowerOn和PowerPiP系列产品配套使用。PowerPMS存在鉴权绕过后文件上传,攻击者上传恶意文件
普华科技PowerPms File.ashx文件上传
PoC代码
暂无相关漏洞推荐
- POC CVE-2006-3392: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2018-9206: Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC CVE-2023-7164: WordPress BackWPup < 4.0.4 - Backup File Disclosure
- POC CVE-2024-2863: LG LED Assistant - Thumbnail Path Traversal File Upload
- POC CVE-2025-68645: Zimbra Collaboration - Local File Inclusion
- POC wordpress-db-exposure: WordPress Database Backup File - Exposure
- POC exposed-gitmodules: .gitmodules File Exposed
- POC python-history-disclosure: Python History File Disclosure
- POC python-requirements-disclosure: Python Requirements File Disclosure
- POC wp-w3-total-cache-exposure: WordPress W3 Total Cache - Cache Files Exposure
- POC wp-enable-media-replace-log: WordPress Plugin Enable Media Replace - Log File Exposure