漏洞描述
金蝶OA系统是一款集企业内部管理、财务、人力资源、项目管理、生产管理、供应链管理等功能于一体的综合性企业数字化管理平台,攻击者可通过../进行越级读取系统敏感文件
Kingdee 金蝶 协同办公平台存在任意文件读取
PoC代码
暂无相关漏洞推荐
- 金蝶云星空 /Kingdee.BOS.WebApi.ServicesStub.AuthService.ValidateLoginInfo.common.kdsvc 命令执行漏洞
- Kingdee Cloud-Starry-Sky Enterprise Edition 路径遍历漏洞
- POC kingdee-eas-directory-traversal: Kingdee EAS - Local File Inclusion
- POC kingdee-eas-myuploadfile-fileupload: 金蝶EAS myUploadFile接口任意文件上传
- POC kingdee-eas-directory-traversal: Kingdee EAS - Local File Inclusion
- POC kingdee-erp-rce: Kingdee OA Yunxingkong kdsvc - Remote Code Execution
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.InOutDataService.GetImportOutData.common.kdsvc 命令执行漏洞
- POC 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.AppDesigner.AppDesignerService.RecordCurDevCodeInfo.common.kdsvc 命令执行漏洞
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.ServiceGateway.GetServiceUri.common.kdsvc 代码执行漏洞
- 金蝶云星空 /Kingdee.BOS.ServiceFacade.ServicesStub.User.UserService.SaveUserPassport.common.kdsvc 代码执行漏洞
- 金蝶云星空 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 任意代码执行漏洞
- Kingdee-EAS uploadLogo.action任意文件上传漏洞