{ "Name": "YiShaAdmin 3.1 Arbitrary File Read", "Description": "
YiShaAdmin is a permission management system based on .NET Core MVC. The code is easy to read and understand, and the interface is simple and beautiful.
Attackers can exploit the vulnerability to read arbitrary files, including database passwords.
Require authentication for /admin/File/DownloadFile
Restrict access with a whitelist
For the fix, follow the project repository: https://github.com/liukuo362573/YiShaAdmin
", "Impact": "Attackers can exploit the vulnerability to read arbitrary files, including database passwords.