CVE-2022-26271 PoC — 迅易科技 74cms 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-26271.yaml

Associated Vulnerability

Title:迅易科技 74cms 安全漏洞 (CVE-2022-26271)
Description:迅易科技 74cms是中国迅易科技公司的一套基于PHP和MySQL的在线招聘系统。 74cmsSE v3.4.1存在安全漏洞，该漏洞源于通过 indexcontrollerDownload.php 中的 $url 参数发现 74cmsSE v3.4.1 包含任意文件读取漏洞。

Description

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.

File Snapshot


 id: CVE-2022-26271

info:
  name: 74cmsSE v3.4.1 - Arbitrary File Read
  author: ritikchaddha
  seve

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.