漏洞描述
VMware vCenter Server 提供了一个可伸缩,可扩展的平台,为虚拟化管理基础平台。VMware vCenter Server (以前称为VMware VirtualCenter),可集中管理 VMware vSphere 环境,与其他管理平台相比,极大地提高了 IT 管理员对虚拟环境的控制。在vCenter Web 服务的特定路径下,存在一个未经校验的外部可控参数,可直接传入任意文件路径并返回具体文件内容。
Vmware Vcenter任意文件读取漏洞
PoC代码
暂无相关漏洞推荐
- (CVE-2025-41250)VMware vCenter SMTP头部注入漏洞
- Vmware Spring Security 逻辑缺陷漏洞
- Vmware Spring Framework 逻辑缺陷漏洞
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC vmware-vcenter-lfi: VMware vCenter - Local File Inclusion
- POC vmware-vcenter-log4j-jndi-rce-temp: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-provider-logo-ssrf: Vmware VCenter - Arbitrary File Read
- POC vmware-vcenter-lfi-linux: Linux Vmware Vcenter - Local File Inclusion
- POC vmware-vcenter-lfi: VMware vCenter - Local File Inclusion
- POC vmware-vcenter-log4j-rce: VMware VCenter - Remote Code Execution (Apache Log4j)
- POC vmware-vcenter-ssrf: VMware vCenter - Server-Side Request Forgery/Local File Inclusion/Cross-Site Scripting
- POC CVE-2020-3952: VMware vCenter Server LDAP Broken Access Control