漏洞描述
Keking KkFileview是中国凯京科技(Keking)公司的一个 Spring-Boot 打造文件文档在线预览项目。 Keking kkFileview 存在安全漏洞,该漏洞源于存在通过目录遍历漏洞读取任意文件,可能导致相关主机上的敏感文件泄漏。
Keking kkFileview 路径遍历漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-43734: kkFileview v4.0.0 - Local File Inclusion
- POC CVE-2022-29349: kkFileView 4.0.0 - Cross-Site Scripting
- POC CVE-2022-35151: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2022-40879: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2022-43140: kkFileView 4.1.0 - Server-Side Request Forgery
- POC CVE-2022-46934: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2021-43734: kkFileView getCorsFile 任意文件读取漏洞
- POC kkfileview-upload-xss: kkFileView Upload - XSS
- POC CVE-2022-42149: kkFileView 4.0 - Server-Side Request Forgery
- POC kkfileview-panel: kkFileView Panel - Detect
- kkFileView /fileUpload 存在任意文件上传漏洞
- kkFileView zipslip 远程代码执行漏洞
- kkFileview v4.1.0 跨站脚本攻击漏洞