漏洞描述
IBM WebSphere Portal是美国IBM公司的一套企业门户软件。该软件能够创建一个联接企业内部和外部的平台,可让员工、客户和供应商等通过该平台访问企业内部数据。 IBM WebSphere Portal 7.0.0.2 CF27之前的7.x版本和8.x至8.0.0.1 CF09版本中的Registration/Edit My Profile Portlet中存在任意文件上传漏洞。远程攻击者可利用该漏洞造成拒绝服务或修改数据。
IBM WebSphere Portal 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- itsourcecode Open Source Job Portal SQL注入漏洞
- 用友U8Cloud /servlet/~uap/nc.merp.bs.maportal.NCPortalServlet XML 外部实体注入漏洞
- mojoPortal imagehandler存在任意文件读取漏洞
- POC CVE-2010-1312: Joomla! Component News Portal 1.5.x - Local File Inclusion
- POC CVE-2015-3897: Bonita BPM Portal <6.5.3 - Local File Inclusion
- POC CVE-2015-7450: IBM WebSphere Java Object Deserialization - Remote Code Execution
- POC CVE-2017-14186: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
- POC CVE-2020-7961: Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution
- POC CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery
- POC CVE-2022-32409: Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion
- POC CVE-2022-42118: Liferay Portal - Cross-site Scripting
- POC CVE-2023-24322: mojoPortal 2.7.0.0 - Cross-Site Scripting
- POC CVE-2023-44012: mojoPortal v.2.7.0.0 - Cross-Site Scripting