Yonyou Mobile System Management Arbitrary File Read Vulnerability with Batch Verification PoC
The DownloadServlet endpoint in Yonyou Mobile System Management contains an arbitrary file read vulnerability. A attacker can craft a specially formatted HTTP request to retreive arbitrary files from the server, including sensitive configuration files and system data. Affected Endpoint /mobsm/common...