漏洞描述
Wifi-soft UniBox Controller 是一种多功能网络控制器,主要设计用于管理和盈利公共 Wi-Fi 网络。/tools/download_csv.php存在文件读取漏洞,该漏洞允许低权限用户通过路径遍历泄露系统上的敏感文件,包括环境变量、日志文件和用户数据,可能导致敏感信息泄露和进一步的攻击。
Wifi-soft UniBox controller /tools/download_csv.php 文件读取漏洞
PoC代码
暂无相关漏洞推荐
- Wifi-soft UniBox /authentication/logout.php 命令执行漏洞 (CVE-2025-6102)
- 万户OA /defaultroot/yzConvertFile/file2Html.controller 任意文件上传漏洞
- jeecgboot-commoncontroller-parserxml-fileupload: Jeecgboot commonController parserXml fileupload
- shiziyu-cms-apicontroller-sqli: shiziyu cms apicontroller sqli
- 万户OA /defaultroot/yzConvertFile/file2Html.controller 服务器端请求伪造漏洞
- POC 74cms-ajax-personal-controller-class-php-sqlinject: 74 CMS 5.0.1 SQL 注入漏洞
- POC metersphere-plugincontroller-rce: MeterSphere PluginController Pre-auth RCE
- POC shiziyu-cms-apigood-controller-sql-injection: 狮子鱼CMS ApigoodController.class.php SQL注入漏洞
- POC thinkphp5-controller-rce: thinkphp5-controller-rce
- POC wanhu-oa-fileupload-controller-upload: 万户 OA fileupload.controller 文件上传漏洞
- POC yongyou-changjietong-addresssettingcontroller-ssrf: 用友畅捷通AddressSettingController-SSRF漏洞
- POC shiziyu-cms-apicontroller-sqli: Shiziyu CMS Api Controller - SQL Injection
- POC wanhu-oa-fileupload-controller: Wanhu OA Fileupload Controller - Arbitrary File Upload