漏洞描述
ilevia EVE X1 Server get_file_content接口存在任意文件读取漏洞,该漏洞允许攻击者通过构造特定的请求,访问系统中任意文件。攻击者可利用该漏洞获取敏感信息,如配置文件、用户数据或系统关键文件,从而对服务器的安全性造成威胁。由于缺乏适当的输入验证和权限控制,这一漏洞可能导致敏感数据泄露和系统被恶意操控。
ilevia EVE X1 Server get_file_content 接口存在任意文件读取漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-16248: Prometheus Blackbox Exporter - Server-Side Request Forgery (SSRF)
- POC openvpn-as-config-exposure: OpenVPN Access Server - Configuration Exposure
- POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2026-21859: Mailpit < 1.28.3 - Server-Side Request Forgery
- POC firebase-fcm-server-key-disclosure: Firebase Cloud Messaging - Server Key Disclosure
- POC ezservermonitor-exposure: eZ Server Monitor - Exposure
- 天锐绿盾审批系统 fileServer 信息泄露漏洞
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2020-25200: Pritunl VPN Server 1.29.2145.25 - Username Enumeration