cve/CVE-2022-31259.md at f1f1f9a798d36fa0748d135c6fe5299cdbcc69fb

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-01 11:10:36 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/runner361/CVE-List

733 B Raw Blame History

CVE-2022-31259

Description

POC

Reference

Github

733 B

Raw Blame History