漏洞描述
海康威视视频接入网关系统在页面/serverLog/showFile.php的参数fileName过滤不当,导致存在任意文件下载漏洞,可被利用获取系统的敏感文件信息。
HIKVISION 视频编码设备接入网关 showFile.php任意文件下载
PoC代码
暂无相关漏洞推荐
-
CVE-2017-7921: Hikvision CVE-2017-7921 POC
2025-09-01 | Hikvision/Security/users?auth=YWRtaW46MTEK /onvif-http/snapshot?auth=YWRtaW46MTEK /System/configurationFile... -
CVE-2021-36260: Hikvision IP camera/NVR - Unauthenticated RCE POC
2025-09-01 | Hikvision IP camera NVRA command injection vulnerability in the web server of some Hikvision product. Due to the insufficie... -
hikvision-intercom-service-default-password: Hikvision Intercom Service Default Password POC
2025-09-01 | Hikvision Intercom Serviceapp="HIKVISION-群组对讲服务配置平台" admin/12345 -
SourceCodester Pet Grooming Management Software SQL注入漏洞 无POC
2025-09-22 00:22:31 | SourceCodester Pet Grooming Management SoftwareSourceCodester Pet Grooming Management Software是SourceCodester开源的一个宠物美容管理系统。 SourceCodester Pet Groo... -
D-Link DIR-645 命令注入漏洞 无POC
2025-09-22 00:22:31 | D-Link DIR-645D-Link DIR-645是中国友讯(D-Link)公司的一款无线路由器。 D-Link DIR-645 105B01版本存在命令注入漏洞,该漏洞源于对文件/soap.cgi中参数service的错...