83 matches found
JCMS 2010任意文件下载漏洞
大汉版通JCMS 2010内容管理系统是基于J2EE构架设计,以全新理念构建的内容管理系统。系统提供了从内容采集、 创建、管理、传递、发布、共享呈送等信息全生命周期过程中所需的各项功能。 在/module/download/downfile.jsp文件中,没有对pathfile和filename参数进行判断,导致可以下载任意 WEB目录下的文件。 JCMS 2010 SEBUG临时解决办法 对pathfile和filename参数进行合理判断。 ———— http://www.hanweb.com/...
JCMS 2010 - File Download
Title: JCMS 2010 File Download Vulnerability Date: 2010-11-22 Author: Beach Team: http://www.linux520.com/ Vendor: http://www.hanweb.com/ Language:Java Greetz: Brother Description: In /module/download/downfile.jsp ,filename and pathfile didn't verify user's input So this vulnerability allows an...
Han Edition through JCMS arbitrary File Download vulnerability-vulnerability warning-the black bar safety net
Han Edition through JCMS Java Content Management System is a set of J2EE-based architecture design to new concept build of the content management system. The system is provided from the content acquisition, creation, management, transfer, publish, share presentation and other information the full...