漏洞描述
【漏洞对象】CMS ISWEB 【涉及版本】3.5.3 【漏洞描述】 CMS ISWEB3.5.3版本/moduli/downloadFile.php文件file参数目录遍历导致任意文件下载,可泄露数据库信息,获取数据库密码。
CMS ISWEB 3.5.3 downloadFile.php-任意文件下载
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15041: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
- POC CVE-2019-12935: Shopware < 5.5.8 - Cross-Site Scripting
- POC CVE-2020-19363: Vtiger CRM v7.2.0 - Directory Listing
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC CVE-2021-28799: QNAP HBS 3 - Broken Access Control
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC CVE-2022-37932: HP Switch - Authentication Bypass
- POC CVE-2023-33960: OpenProject < 12.5.4 - Project Identifiers Exposure
- POC CVE-2023-52163: Digiever DS-2105 Pro - Command Injection
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC CVE-2024-29792: Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload
- POC wp-w3-total-cache-fpd: WordPress W3 Total Cache - Full Path Disclosure