漏洞描述
齐博软件是国内主流CMS系统之一,曾多次被新浪网、腾讯网、凤凰网等多家大型IT媒体报道。齐博CMS目前已有数以万计的用户在使用,覆盖政府、企业、科研教育和媒体等各个领域。其中齐博cms地方门户v5.0系统存在本地文件包含漏洞,攻击者可利用该漏洞获取系统信息及无条件Getshell。
齐博CMS V5.0_/hr/listperson.php本地文件包含漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-12127: WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure
- POC CVE-2022-31847: WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure
- POC CVE-2022-48164: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
- POC CVE-2022-48166: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure
- POC CVE-2024-29972: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - NsaRescueAngel Backdoor Account
- POC CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
- POC CVE-2025-2709: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting
- POC CVE-2018-7700: Dedecms V5.7 后台任意代码执行
- POC CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 Command Injection
- POC dedecms-carbuyaction-fileinclude: DedeCmsV5.6 Carbuyaction Fileinclude