GobyVuls/GobyVuls-Document.md
2023-07-01 09:38:28 +08:00

# Goby History Update Vulnerability Total Document (Continuously Update)

The following vulnerabilities have been added in Goby updates. Some of them have screen recordings for easy viewing.

Updated document date: June 30, 2023

Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability

Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability

| **Vulnerability** | **Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability** |
| :---- | :---- |
| **Chinese name** | 金蝶云星空 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 任意代码执行漏洞 |
| **CVSS score** | 9.8 |
| **FOFA Query** (click to view the results directly) | title="金蝶云星空" |
| **Number of assets affected** | 6729 |
| **Description** | Kingdee Cloud Starry Sky-Management Center is based on a leading assembleable low-code PaaS platform, which comprehensively serves customers' transformation in R&D, production, marketing, supply chain, finance and other fields. There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions. |
| **Impact** | There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions. |

| **Vulnerability** | **Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability** |
| :---- | :---- |
| **Chinese name** | 畅捷通T+ DownloadProxy.aspx 文件 Path 参数文件读取漏洞 |
| **CVSS score** | 7.5 |
| **FOFA Query** (click to view the results directly) | body="> |