1. Basic information on CVE-2021-47755
Vulnerability information
# Oliver Library Server v5 Arbitrary File Download Vulnerability

N/A

Shenlong assessment

Web-class vulnerability: Unknown

Reasoning:

N/A
Vulnerability title
Oliver Library Server v5 - Arbitrary File Download
Source: US National Vulnerability Database (NVD)
Vulnerability description
Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit the vulnerability by manipulating the 'fileName' parameter to download sensitive files from the server's filesystem.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (base score 9.8, Critical)
Source: US National Vulnerability Database (NVD)
Vulnerability category
Improper limitation of a pathname to a restricted directory (path traversal)
Source: US National Vulnerability Database (NVD)
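To make the NVD description concrete, here is an added Python simulation of the bug class. It is not Oliver's code (the real FileServlet implementation is not reproduced on this page); the only details taken from the advisory are the endpoint name FileServlet and the parameter name fileName. The directory layout, file names and file contents are constructed for the demo. The first handler joins the client-supplied value straight into a path, as the advisory describes; the second canonicalizes the path and refuses anything that resolves outside the download directory, which also covers absolute paths, URL-encoded separators and symlinks that a naive ".." substring check would miss.

```python
# Added example, not code from Oliver or from the advisory: a minimal
# simulation of a FileServlet-style download handler, first with the
# unsanitized 'fileName' handling the advisory describes, then hardened.
# Apart from the names 'FileServlet' and 'fileName', everything here
# (directory layout, file names, contents) is an assumption for the demo.
import os
import tempfile
from urllib.parse import unquote

# Constructed layout: a served "downloads" directory plus one file outside
# it that stands in for a sensitive system file.
WEBROOT = tempfile.mkdtemp(prefix="fileservlet_demo_")
DOWNLOAD_DIR = os.path.join(WEBROOT, "downloads")
os.makedirs(DOWNLOAD_DIR)
with open(os.path.join(DOWNLOAD_DIR, "catalogue.csv"), "wb") as fh:
    fh.write(b"title,author\n")
with open(os.path.join(WEBROOT, "secret.conf"), "wb") as fh:
    fh.write(b"db.password=hunter2\n")


def vulnerable_download(file_name: str) -> bytes:
    """What the advisory describes: the client value goes straight into the path.

    os.path.join discards DOWNLOAD_DIR when file_name is absolute, and it
    never normalises '..', so '../secret.conf', its URL-encoded form and an
    absolute path all escape the intended directory.
    """
    target = os.path.join(DOWNLOAD_DIR, unquote(file_name))
    with open(target, "rb") as fh:
        return fh.read()


def hardened_download(file_name: str) -> bytes:
    """Canonicalise first, then require the result to stay under DOWNLOAD_DIR.

    realpath() collapses '..' and follows symlinks, so the containment test
    runs on the path that will actually be opened, not on the raw input.
    """
    base = os.path.realpath(DOWNLOAD_DIR)
    candidate = os.path.realpath(os.path.join(base, unquote(file_name)))
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PermissionError(f"refusing path outside download dir: {file_name!r}")
    with open(candidate, "rb") as fh:
        return fh.read()


def hardened_blocks(file_name: str) -> bool:
    """True if the hardened handler rejects file_name before touching disk."""
    try:
        hardened_download(file_name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(vulnerable_download("catalogue.csv"))       # legitimate use
    print(vulnerable_download("../secret.conf"))      # traversal leaks secret.conf
    print(vulnerable_download("..%2Fsecret.conf"))    # same, URL-encoded
    print(hardened_download("catalogue.csv"))
    print(hardened_blocks("../secret.conf"), hardened_blocks("/etc/hostname"))
```

The check in `hardened_download` is an allow-list on the canonical path rather than a deny-list on the input string; that is the shape of fix that survives alternate encodings and separator tricks, and it is what to look for when confirming a patched build actually closes the hole.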
Vulnerability title
Softlink Oliver Library Server security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Softlink Oliver Library Server is a library management system from the Australian company Softlink. Softlink Oliver Library Server v5 has a security vulnerability caused by unsanitized input in the FileServlet endpoint, which can lead to arbitrary system file download.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
2. Public PoCs for CVE-2021-47755
Columns: # | PoC | Description | Source link | Shenlong link
No public PoC entries are listed.
3. Intelligence on CVE-2021-47755
  • Title: Oliver Library Server v5 - Arbitrary File Download - Windows remote Exploit -- 🔗 Source link

    Tag: exploit

    Shenlong summary:
    ## Key vulnerability information

    ### Overview
    - **Vulnerability name**: Oliver Library Server v5 - Arbitrary File Download
    - **EDB-ID**: 50599
    - **CVE**: N/A
    - **Author**: Mandarin Singh
    - **Type**: REMOTE
    - **Platform**: WINDOWS
    - **Date**: 2021-12-15
    - **EDB verified**: Not verified

    ### Technical description
    Oliver v5 Library Server versions before 8.0.0.053 are affected by an arbitrary file download vulnerability. The FileServlet handler passes unsanitized user input into a file path, letting an attacker download arbitrary files from the server.

    ### Exploitation steps
    1. Use the following payload.

    ### Related information
    - **Vulnerability authors**: Mandarin Singh, Ishaan Vij, Luke Blues, CTRL Group
    - **Vendor homepage**: <https://www.softlinkint.com/product/oliver/>
    - **Tested on**: Windows Server 2016

  • Title: Oliver Library Software – Softlink -- 🔗 Source link

    Tag: product

    Shenlong summary:
    - **MORE Engagement**
      - Features a modern, intuitive interface and personalized recommendations
      - Allows effortless access to resources anytime, anywhere, on any device
      - Promotes interactive and engaging library experiences
    
    - **MORE Insights**
      - Provides effortless data-driven decisions for library management
      - Generates pre-built or customized reports on usage patterns, borrowing trends, and digital resource engagement
      - Automates reporting on a schedule to save time
    
    - **MORE Time**
      - Focuses on efficient library administration
      - Uses "Smart" cataloguing, automated reporting, and streamlined workflows
      - Allows more time for student interaction and library enrichment
    
    - **MORE Integrations**
      - Integrates seamlessly with school tools and systems
      - Works harmoniously with student management systems, learning platforms, content providers, and authentication tools
      - Streamlines processes and reduces manual labor
    
    - **MORE Confidence**
      - Ensures data security and privacy through cloud-based technology
      - Complies with Safer Technologies 4 Schools (ST4S) Product Badge Program
      - Continuously updated for secure library operations
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2021-47755
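The Exploit-DB entry above says the flaw is triggered by a crafted fileName value against FileServlet but its payload is not reproduced on this page, so what follows is an added detection example rather than an exploit. It scans web-server access-log lines for requests to a FileServlet endpoint whose fileName parameter, after undoing stacked URL encoding, is absolute or contains a ".." segment. This is my code, not Exploit-DB's, NVD's or Softlink's; the Common Log Format layout, the /oliver/ URL prefix and every sample line are constructed assumptions, and the real endpoint path on a deployment may differ.

```python
# Added detection example (not from the page, Exploit-DB, NVD or Softlink).
# Assumptions: Common Log Format lines, an endpoint path ending in
# "/FileServlet", and a "fileName" parameter as the advisory states.
# The "/oliver/" prefix and every log line below are constructed.
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample traffic: one legitimate download, three traversal
# attempts in different forms (plain, double-encoded, absolute Windows
# path), and one unrelated request.
SAMPLE_LOG = r"""
10.0.0.5 - - [15/Dec/2021:10:01:02 +0000] "GET /oliver/FileServlet?fileName=catalogue.csv HTTP/1.1" 200 1024
10.0.0.9 - - [15/Dec/2021:10:01:05 +0000] "GET /oliver/FileServlet?fileName=..%2F..%2F..%2FWindows%2Fwin.ini HTTP/1.1" 200 403
10.0.0.9 - - [15/Dec/2021:10:01:07 +0000] "GET /oliver/FileServlet?fileName=%252e%252e/%252e%252e/boot.ini HTTP/1.1" 200 300
10.0.0.9 - - [15/Dec/2021:10:01:09 +0000] "GET /oliver/FileServlet?fileName=C:\Windows\win.ini HTTP/1.1" 200 403
10.0.0.7 - - [15/Dec/2021:10:02:00 +0000] "GET /oliver/index.html HTTP/1.1" 200 5120
""".strip().splitlines()

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Undo stacked percent-encoding (%252e -> %2e -> .) before inspecting."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(file_name: str) -> bool:
    """True if the decoded value is absolute or contains a '..' segment.

    Backslashes are normalised to '/' because the target platform is
    Windows, where the filesystem API accepts either separator.
    """
    value = fully_decode(file_name).replace("\\", "/")
    if re.match(r"^([A-Za-z]:)?/", value):   # POSIX absolute, drive letter or UNC
        return True
    return any(segment == ".." for segment in value.split("/"))


def find_traversal_attempts(log_lines):
    """Return (client_ip, fileName after one URL-decode) for traversing requests."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not url.path.endswith("/FileServlet"):
            continue
        # parse_qs already applies one round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("fileName", []):
            if is_traversal(value):
                hits.append((line.split()[0], value))
    return hits


def sample_hits():
    """Run the detector over the constructed sample log."""
    return find_traversal_attempts(SAMPLE_LOG)


if __name__ == "__main__":
    for ip, name in sample_hits():
        print(f"traversal attempt from {ip}: fileName={name!r}")
```

Decoding before matching matters here: a rule that looks for the literal string ".." in the raw request line would miss the double-encoded third line, and one that only looks for "../" would miss the backslash and absolute-path forms.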