漏洞描述
金蝶OA系统是一款集企业内部管理、财务、人力资源、项目管理、生产管理、供应链管理等功能于一体的综合性企业数字化管理平台,攻击者可通过../进行越级读取系统敏感文件
Kingdee 金蝶 协同办公平台存在任意文件读取
PoC代码
暂无相关漏洞推荐
- POCkingdee-cloud-user-deserialization-rce: 金蝶云星空 UserService 反序列化远程代码执行
- POCkingdee-deserialization-rce: 金蝶云星空反序列化rce
- POCkingdee-eas-directory-traversal: Kingdee EAS - Local File Inclusion
- POCkingdee-eas-myuploadfile-fileupload: 金蝶EAS myUploadFile接口任意文件上传
- POCkingdee-oa-apusic-server-file-traversal: 金蝶OA Apusic应用服务器(中间件) server_file 目录遍历
- 无POCKingdee Cloud-Starry-Sky Enterprise Edition 路径遍历漏洞
- POCkingdee-eas-directory-traversal: Kingdee EAS - Local File Inclusion
- POCkingdee-erp-rce: Kingdee OA Yunxingkong kdsvc - Remote Code Execution
- 无POC金蝶OA /get_mail_value.jsp 路径 ids 参数存在SQL注入漏洞
- 无POCKingdee-EAS uploadLogo.action任意文件上传漏洞
- 无POC金蝶OA /file_sms_history.jsp 路径存在SQL注入漏洞