CVE-2022-36537 | R1Soft Server Backup Manager Arbitrary File Read

Flash Brutal

55 years ago

358 views

If a request to the route /zkau/upload contains the nextURI parameter, the ZK AuUploader servlet will forward the request, which can bypass authentication and return files in the web context, such as web.xml, ZK pages, and applicationContext-security.xml configuration information.
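A detection-side illustration of the behavior described above, added here and not taken from the video or from R1Soft or ZK code: it extracts every nextURI value from raw HTTP requests aimed at /zkau/upload (query string, form body or multipart body) and ranks those that name a configuration file from the description. The sample requests, the host name and the `triage` priority labels are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

UPLOAD_ROUTE = "/zkau/upload"
# File names taken from the description above; extend for your deployment.
CONFIG_NAMES = ("web.xml", "applicationcontext-security.xml")
# Value of a multipart/form-data field named nextURI.
MULTIPART_NEXT_URI = re.compile(r'name="nextURI"[^\r\n]*\r\n\r\n([^\r\n]*)')

def next_uri_values(raw_request):
    """Return every nextURI value a raw HTTP request sends to /zkau/upload."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    fields = request_line.split(" ")
    if len(fields) < 2:
        return []
    target = urlsplit(fields[1])
    # Drop ";jsessionid=..." path parameters and collapse repeated slashes.
    path = re.sub(r"/{2,}", "/", re.sub(r";[^/]*", "", target.path))
    if not path.rstrip("/").endswith(UPLOAD_ROUTE):
        return []
    values = parse_qs(target.query).get("nextURI", [])
    ctype = ""
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            ctype = value.strip().lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        values += parse_qs(body).get("nextURI", [])
    elif ctype.startswith("multipart/form-data"):
        values += MULTIPART_NEXT_URI.findall(body)
    return values

def triage(raw_request):
    """Return (priority, value) pairs; 'high' when a listed config file is named."""
    return [("high" if v.lower().endswith(CONFIG_NAMES) else "review", v)
            for v in next_uri_values(raw_request)]

# Constructed sample requests (not captured traffic).
SAMPLE_FORWARD = (
    "POST /zkau/upload?uuid=x HTTP/1.1\r\nHost: backup.example\r\n"
    "Content-Type: multipart/form-data; boundary=b\r\n\r\n"
    '--b\r\nContent-Disposition: form-data; name="nextURI"\r\n\r\n'
    "/WEB-INF/web.xml\r\n--b--\r\n")
SAMPLE_QUERY = "GET /zkau/upload;jsessionid=1?nextURI=%2Fpage.zul HTTP/1.1\r\nHost: backup.example\r\n\r\n"
SAMPLE_OTHER = "GET /login.zul?nextURI=/x HTTP/1.1\r\nHost: backup.example\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_FORWARD, SAMPLE_QUERY, SAMPLE_OTHER):
        print(triage(sample))
```

Because the parameter can travel in the request body, this check belongs where full requests are visible (a reverse proxy, WAF or packet capture), not in access logs that record only the request line.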

Tags:

#CVE-2022-36537 #AFR #File_Read #arbitrary_file_read #web_exploit