Skip to content

Commit 084b858

Browse files
committed
add: AVE-2023-0119
1 parent 8a6e4dd commit 084b858

1 file changed

Lines changed: 33 additions & 0 deletions

File tree

vulns/2023/AVE-2023-0119.toml

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
[basic]
2+
description = "安全生产数字化管理平台的文件上传功能存在未授权访问缺陷,未对上传文件类型、名称和内容进行有效限制,导致远程攻击者可通过上传恶意脚本文件(如aspx)并解析执行,直接获取服务器控制权限。攻击者无需任何认证即可利用此漏洞,危害较大。"
3+
published = "2023-12-15"
4+
remediation = "在服务端对上传文件进行类型白名单校验,只允许指定安全类型文件上传;使用随机化重命名方式存储文件,避免使用原始文件名;对上传文件内容进行恶意代码扫描检测;将上传目录权限设置为最小化,禁止脚本解析执行权限。"
5+
score = 7.5
6+
severity = "HIGH"
7+
sources = [
8+
"nuclei",
9+
"cnvd",
10+
]
11+
title = "江苏迈威安全生产数字化管理平台任意文件上传漏洞"
12+
updated = "2026-07-14"
13+
14+
[exploit]
15+
exp_urls = []
16+
poc_urls = []
17+
18+
[id]
19+
aliases = [
20+
"NUCLEI-HTTP-CNVD-2023-CNVD-2023-96945-YAML",
21+
"CNVD-2023-96945",
22+
]
23+
ave_id = "AVE-2023-0119"
24+
25+
[meta]
26+
collected_at = "2026-07-14T23:09:28.816738+00:00"
27+
status = "completed"
28+
29+
[references]
30+
urls = [
31+
"https://blog.csdn.net/weixin_42628854/article/details/136036109",
32+
"https://www.cnvd.org.cn/flaw/show/CNVD-2023-96945",
33+
]

0 commit comments

Comments
 (0)