CVE-2023-41566

Sažetak

OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions.

Reference

https://gist.github.com/night-0p/668fc88385d4f60feb90b7fcef8443b1
https://github.com/night-0p/anh/blob/main/Landray%20OA/FileDownload.md

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

17-07-2025 - 21:15

Objavljeno

17-07-2025 - 16:15