漏洞描述
kkFileView是凯京科技(kekingcn)开源的一个基于 Spring-Boot 的通用文件在线预览项目。 kkFileView v4.3.0版本存在安全漏洞,该漏洞源于访问控制不正确。
kkFileView 接口未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2021-43734: kkFileview v4.0.0 - Local File Inclusion
- POC CVE-2022-29349: kkFileView 4.0.0 - Cross-Site Scripting
- POC CVE-2022-35151: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2022-40879: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2022-43140: kkFileView 4.1.0 - Server-Side Request Forgery
- POC CVE-2022-46934: kkFileView 4.1.0 - Cross-Site Scripting
- POC CVE-2021-43734: kkFileView getCorsFile 任意文件读取漏洞
- POC kkfileview-upload-xss: kkFileView Upload - XSS
- POC CVE-2022-42149: kkFileView 4.0 - Server-Side Request Forgery
- POC kkfileview-panel: kkFileView Panel - Detect
- kkFileView /fileUpload 存在任意文件上传漏洞
- kkFileView zipslip 远程代码执行漏洞
- kkFileview v4.1.0 跨站脚本攻击漏洞