CVE-2020-14864 PoC — Oracle Business Intelligence Enterprise Edition 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-14864.yaml

Associated Vulnerability

Title:Oracle Business Intelligence Enterprise Edition 路径遍历漏洞 (CVE-2020-14864)
Description:Oracle Business Intelligence Enterprise Edition是美国甲骨文（Oracle）公司的一款智能商业分析软件。对企业数据进行可视化分析，从而辅助决策、降低总体拥有成本并提高整个组织的投资回报率。 Oracle Business Intelligence Enterprise Edition 存在路径遍历漏洞，该漏洞使未经身份验证的攻击者可以通过HTTP访问网络，从而破坏Oracle Business Intelligence企业版。以下产品及版本受到影响： 5.5.

Description

Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage."

File Snapshot


 id: CVE-2020-14864

info:
  name: Oracle Fusion - Directory Traversal/Local File Inclusion
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!