mirror of https://github.com/qwqdanchun/Goby.git
39 lines
1.2 KiB
JSON
39 lines
1.2 KiB
JSON
{
|
|
"Name": "AVCON-6 download.action File Read (CNVD-2020-30193)",
|
|
"Description": "The AVCON-6 system management platform download.action and org_execl_download.action have arbitrary file download vulnerabilities. Attackers can download arbitrary files on the server through the vulnerabilities.",
|
|
"Product": "AVCON-6",
|
|
"Homepage": "http://www.eclipse.org/jetty/",
|
|
"DisclosureDate": "2021-08-10",
|
|
"Author": "1291904552@qq.com",
|
|
"GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/AVCON-6/CNVD-2020-30193/AVCON_6_download_action_File_Read_CNVD_2020_30193.gif",
|
|
"GobyQuery": "app=\"AVCON-6\"",
|
|
"Level": "2",
|
|
"Impact": "<p></p>",
|
|
"Recommandation": "",
|
|
"References": [
|
|
"https://www.cnvd.org.cn/flaw/show/CNVD-2020-30193"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"name": "filepath",
|
|
"type": "createSelect",
|
|
"value": "../../../../../../etc/passwd"
|
|
}
|
|
],
|
|
"ExpTips": null,
|
|
"ScanSteps": null,
|
|
"ExploitSteps": null,
|
|
"Tags": [
|
|
"fileread"
|
|
],
|
|
"CVEIDs": null,
|
|
"CVSSScore": "0.0",
|
|
"AttackSurfaces": {
|
|
"Application": null,
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": ["AVCON-6"]
|
|
}
|
|
} |