Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the fileDownload function in the CommonController class in FEBS-Shiro before 2018-11-05. An attacker can download a file via a request of the form /common/download?filename=1.jsp&delete=false. NOTE: the software maintainer disputes the significance of this report because the product uses a JAR archive for deployment, and this contains application.yml with configuration data
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FEBS-Shiro 安全漏洞
Vulnerability Description
FEBS-Shiro是一套基于Sping Boot框架的后台权限管理系统。 FEBS-Shiro 2018-11-05之前版本中的CommonController类的‘fileDownload’函数存在安全漏洞。攻击者可通过发送特制的请求利用该漏洞下载文件。
CVSS Information
N/A
Vulnerability Type
N/A