漏洞描述
【漏洞对象】SiteFactory CMS 【涉及版本】SiteFactory CMS 5.5.9 【漏洞描述】 SiteFactory CMS5.5.9系统/manage/download.aspx文件中File参数 存在任意文件下载漏洞。
SiteFactory CMS 5.5.9 download.aspx页面File参数-任意文件下载(CVE-2015-6914)
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15041: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
- POC CVE-2018-7765: Schneider Electric U.motion Builder - SQL Injection
- POC CVE-2019-12935: Shopware < 5.5.8 - Cross-Site Scripting
- POC CVE-2021-37598: WP Cerber < 8.9.3 - Broken Access Control
- POC CVE-2023-33960: OpenProject < 12.5.4 - Project Identifiers Exposure
- POC CVE-2023-52163: Digiever DS-2105 Pro - Command Injection
- POC CVE-2024-29792: Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting
- POC CVE-2024-56159: Astro - Information Disclosure
- POC CVE-2025-25570: Vue Vben Admin - Default Credentials
- POC CVE-2025-4210: Casdoor - Authorization Bypass
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload
- POC CVE-2025-46549: YesWiki <= 4.5.1 - Cross-Site Scripting
- POC CVE-2025-46550: YesWiki < 4.5.4 - Cross-Site Scripting