漏洞描述
Weaver OA v9.5存在未授权访问任意文件漏洞,此漏洞是由于站点"downfile.php"对url参数验证不足导致的。
Weaver OA v9.5 未授权访问任意文件漏洞
PoC代码
暂无相关漏洞推荐
- weaver-oa-workrelate-file-upload: Weaver OA Workrelate File Upload
- POC CVE-2023-2766: Weaver OA 9.5 - Information Disclosure
- POC CNVD-2022-43245: Weaver OA XmlRpcServlet - Arbitary File Read
- POC CVE-2023-2766: Weaver OA 9.5 - Information Disclosure
- POC CNVD-2022-43245: Weaver OA XmlRpcServlet - Arbitary File Read
- POC weaver-uploadoperation-file-upload: Weaver OA Workrelate - Arbitary File Upload
- Weaver OA v9.5 敏感信息泄露漏洞
- Weaver OA weaver.common.Ctrl