漏洞描述
Novell Access Manager是新一代的访问管理解决方案。 Novell Access Manager管理控制台的PortalModuleInstallManager组件中存在任意文件上传漏洞。在nps.jar的servlet中,由于没有正确地对参数过滤“../”目录遍历串,攻击者可以指定任意文件名对其上传任意内容。成功攻击可以导致以服务的权限执行任意代码。
Novell Access Manager管理控制台getEntry()方式任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC grafana-unauth-access: Grafana Unauthenticated Access
- POC CVE-2021-20617: Acmailer - Improper Access Control to OS Command Injection
- POC CVE-2022-4940: WCFM Membership <= 2.10.0 - Broken Access Control
- POC CVE-2025-63387: Dify v1.9.1 - Broken Access Control
- POC jboss-jmx-console-unauth: JBoss JMX Console - Unauthenticated Access
- POC wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- ETAP Safety Manager 跨站脚本漏洞
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal
- POC CVE-2023-3277: MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation