漏洞描述
【漏洞对象】SiteFactory CMS 【涉及版本】SiteFactory CMS 5.5.9 【漏洞描述】 SiteFactory CMS5.5.9系统/manage/download.aspx文件中File参数 存在任意文件下载漏洞。
SiteFactory CMS 5.5.9 download.aspx页面File参数-任意文件下载(CVE-2015-6914)
PoC代码
暂无相关漏洞推荐
- GLPI /index.php/ajax/ SQL 注入漏洞(CVE-2025-24799)
- Flowise /api/v1/node-load-method/customMCP 命令执行漏洞(CVE-2025-8943)
- N-central /dms/services/ServerMMS XML 外部实体注入漏洞(CVE-2025-11700)
- dpanel /api/app/compose/get-from-uri 文件读取漏洞(CVE-2025-53363)
- Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi 权限绕过漏洞(CVE-2025-64446/CVE-2025-58034)
- POC CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
- POC CVE-2019-19825: TOTOLINK/Realtek Routers - CAPTCHA Bypass
- POC CVE-2025-11700: N-central - XML External Entities Injection
- POC CVE-2025-12055: MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal
- POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- POC CVE-2025-55523: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- POC CVE-2025-9316: N-central - Authentication Bypass