skycaiji Skycaiji cms has an arbitrary file read vulnerability at V1.3

Skycaiji cms has an arbitrary file read vulnerability at V1.3

Open liao10086 opened this issue 6 years ago • 1 comments

I found an arbitrary file read vulnerability at V1.3 In the module of error log URL: http://localhost/index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5CSkycaijiApp%5CRuntime%5CLogs%5CAdmin%5C18_09_13.log The parameter of file can control，for example read index.php POC:

suggest：limit the parameter of file Info:V1.3 I hope you can fix it Best wish! author by:[email protected]

Sep 13 '18 07:09 liao10086

2.0版本已修复

Feb 19 '19 10:02 zorlan

skycaiji skycaiji copied to clipboard

Skycaiji cms has an arbitrary file read vulnerability at V1.3

skycaiji
skycaiji copied to clipboard