Description

Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.

Remediation

References

https://carl1l.github.io/2023/05/08/jeecg-p3-biz-chat-1-0-5-jar-has-arbitrary-file-read-vulnerability/

Related Vulnerabilities

CVE-2022-30500 Vulnerability in maven package com.jflyfox:jflyfox_jfinal

CVE-2022-34169 Vulnerability in maven package xalan:xalan

CVE-2022-21213 Vulnerability in npm package mout

CVE-2020-7737 Vulnerability in npm package safetydance

CVE-2021-25933 Vulnerability in maven package org.opennms:opennms-webapp

Severity

High

Classification

CWE-668 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory