漏洞描述
HiKVISION 综合安防管理平台是一套安防信息化集成平台。HiKVISION 综合安防管理平台存在任意文件上传漏洞,攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。
HiKVISION 综合安防管理平台 files 文件上传漏洞
PoC代码
暂无相关漏洞推荐
- Langflow /api/v1/files/profile_pictures/../langflow.db 目录遍历漏洞
- 新中大ERP企业管理软件 /filesrv/NGInterface/Index SQL 注入漏洞
- POC generic-php-files: Generic PHP Backup Information Disclosure
- Progress Chef Automate /api/v0/compliance/profiles/search SQL 注入漏洞(CVE-2025-8868)
- Dify /console/api/remote-files/upload 服务器端请求伪造漏洞
- hikvision-files-upload: Hikvision Files Upload
- backup-files: Compressed Backup File - Detect
- POC CVE-2007-4504: Joomla! RSfiles <=1.0.2 - Local File Inclusion
- POC CVE-2021-40875: Gurock TestRail Application files.md5 Exposure
- POC CVE-2015-8399: Atlassian Confluence configuration files read
- POC gcloud-filestore-deletion-protection-disabled: Filestore Instance Deletion Protection Not Enabled
- POC gcloud-filestore-no-backups: Filestore Instance Not Using On-Demand Backup
- POC gcloud-filestore-no-cmek: Filestore Instance Not Using Customer-Managed Encryption Keys