漏洞描述
泛微协同管理应用平台(e-cology)是一套兼具企业信息门户、知识管理、数据中心、工作流管理、人力资源管理、客户与合作伙伴管理、项目管理、财务管理、资产管理功能的协同商务平台。泛微e-cologyorg.springframework.web.servlet.ResourceServlet存在目录穿越漏洞,攻击者可利用该漏洞获取敏感信息。
泛微Ecology OA org.springframework.web.servlet.ResourceServlet目录穿越漏洞
PoC代码
暂无相关漏洞推荐
- POC bentoml-ssrf: Bentoml - Server Side Request Forgery
- POC gradio-image-ssrf: Gradio Image Component - Server-Side Request Forgery
- Flowise /api/v1/account/forgot-password 未授权访问漏洞(CVE-2025-58434)
- Linear eMerge E3 forgot_password 命令执行漏洞
- 宏景HCM /w_selfservice/oauthservlet/../../general/inform/org/loadhistroyorgtree SQL 注入漏洞(CVE-2023-6655)
- POC CVE-2014-4210: Oracle Weblogic - Server-Side Request Forgery
- POC CVE-2015-8813: Umbraco <7.4.0- Server-Side Request Forgery
- POC CVE-2016-1000133: WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
- POC CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery
- POC CVE-2017-18638: Graphite <=1.1.5 - Server-Side Request Forgery
- POC CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery
- POC CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
- POC CVE-2018-14728: Responsive filemanager 9.13.1 Server-Side Request Forgery