CVE-2024-37728 PoC — Daxi OfficeWeb365 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-37728.yaml

Associated Vulnerability

Title:Daxi OfficeWeb365 安全漏洞 (CVE-2024-37728)
Description:Daxi OfficeWeb365是中国大西（Daxi）公司的一个办公软件。 Daxi OfficeWeb365 7.18.23.0版本和8.6.1.0版本存在安全漏洞，该漏洞源于存在任意文件读取漏洞，远程攻击者可以通过Pic/Index接口获取敏感信息。

Description

There is any file reading in the officeWeb365 Indexs interface.

File Snapshot


 id: CVE-2024-37728

info:
  name: OfficeWeb365 Indexs Interface - Arbitrary File Read
  author: Dhiy

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!