File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ [basic ]
2+ description = " 安全生产数字化管理平台的文件上传功能存在未授权访问缺陷,未对上传文件类型、名称和内容进行有效限制,导致远程攻击者可通过上传恶意脚本文件(如aspx)并解析执行,直接获取服务器控制权限。攻击者无需任何认证即可利用此漏洞,危害较大。"
3+ published = " 2023-12-15"
4+ remediation = " 在服务端对上传文件进行类型白名单校验,只允许指定安全类型文件上传;使用随机化重命名方式存储文件,避免使用原始文件名;对上传文件内容进行恶意代码扫描检测;将上传目录权限设置为最小化,禁止脚本解析执行权限。"
5+ score = 7.5
6+ severity = " HIGH"
7+ sources = [
8+ " nuclei" ,
9+ " cnvd" ,
10+ ]
11+ title = " 江苏迈威安全生产数字化管理平台任意文件上传漏洞"
12+ updated = " 2026-07-14"
13+
14+ [exploit ]
15+ exp_urls = []
16+ poc_urls = []
17+
18+ [id ]
19+ aliases = [
20+ " NUCLEI-HTTP-CNVD-2023-CNVD-2023-96945-YAML" ,
21+ " CNVD-2023-96945" ,
22+ ]
23+ ave_id = " AVE-2023-0119"
24+
25+ [meta ]
26+ collected_at = " 2026-07-14T23:09:28.816738+00:00"
27+ status = " completed"
28+
29+ [references ]
30+ urls = [
31+ " https://blog.csdn.net/weixin_42628854/article/details/136036109" ,
32+ " https://www.cnvd.org.cn/flaw/show/CNVD-2023-96945" ,
33+ ]
You can’t perform that action at this time.
0 commit comments