漏洞描述
Ilevia EVE X1 Server 存在文件读取漏洞,攻击者可以通过向 /ajax/php/get_file_content.php 接口发送特制的请求,读取服务器上的任意文件内容。此漏洞可能导致敏感信息泄露,例如系统配置文件、用户凭据等。
Ilevia EVE X1 Server /ajax/php/get_file_content.php 文件读取漏洞(CVE-2025-34518)
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-22017: vCenter Server - Improper Access Control
- 杭州新中大科技股份有限公司netcallServer管理控制台存在未授权访问漏洞
- POC CVE-2019-13608: Citrix StoreFront Server - XML External Entity
- POC confluence-xslt-macro-ssrf: Atlassian Confluence XSLT Macro - Server-Side Request Forgery
- POC CVE-2020-16248: Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
- POC openvpn-as-config-exposure: OpenVPN Access Server - Configuration Exposure
- POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2026-21859: Mailpit < 1.28.3 - Server-Side Request Forgery
- POC firebase-fcm-server-key-disclosure: Firebase Cloud Messaging - Server Key Disclosure
- POC ezservermonitor-exposure: eZ Server Monitor - Exposure
- 天锐绿盾审批系统 fileServer 信息泄露漏洞