漏洞描述
openSIS Classic Community Edition v9.0 存在路径遍历漏洞。攻击者可以通过操控 DownloadWindow.php 文件中的 filename 参数,读取服务器上的任意文件。此漏洞允许未经身份验证的远程攻击者访问敏感文件,可能导致信息泄露。
openSIS v9.0 /DownloadWindow.php 目录遍历漏洞(CVE-2023-38879)
PoC代码
暂无相关漏洞推荐
- openSIS v9.1存在路径遍历(CVE-2023-38879)
- POC CVE-2020-6637: OpenSIS 7.3 - SQL Injection
- POC CVE-2021-40542: Opensis-Classic 8.0 - Cross-Site Scripting
- POC CVE-2021-40651: OS4Ed OpenSIS Community 8.0 - Local File Inclusion
- POC CVE-2021-41691: openSIS Student Information System 8.0 SQL Injection
- POC CVE-2023-38879: openSIS v9.0 - Path Traversal
- POC CVE-2024-35584: openSIS < 9.1 - SQL Injection
- POC CVE-2024-51211: openSIS Classic v9.1 - SQL Injection
- POC opensis-installer: openSIS Installation Wizard
- POC opensis-lfi: openSIS 5.1 - Local File Inclusion
- OpenSIS 8.0 CVE-2021-39378 SQL 注入漏洞
- openSIS登录口SQL注入漏洞(CVE-2020-6141,CVE-2020-6637)