漏洞描述
在avatar_uploader v7.x-1.0-beta8中,view.php程序不限制文件路径,允许未经身份验证的用户检索任意文件。
drupal 存在任意文件读取漏洞(CVE-2018-9205)
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3704: Drupal SQL Injection POC
2025-08-01 | DrupalThe expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not... -
CVE-2018-7600: Drupal - Remote Code Execution POC
2025-08-01 | DrupalDrupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attac... -
CVE-2018-7602: Drupal - Remote Code Execution POC
2025-08-01 | DrupalDrupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsyst... -
CVE-2018-1000600: Pre-auth Fully-responded SSRF POC
2025-09-01 | Pre-authA exposure of sensitive information vulnerability exists in Jenkins GitHub Plugin 1.29.1 and earlier... -
CVE-2018-1000861: Jenkins 2.138 Remote Command Execution POC
2025-09-01 | JenkinsA code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier...