CVE-2022-35857
Published
CVSS v3
9.8
CRITICAL
CVSS v2
N/A
Affected
1
PROJECT
Description
kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. The rememberMe parameter is encrypted with a hardcoded key from the com.kalvin.kvf.common.shiro.ShiroConfig file.
kvf-admin是一套基于springboot、mybatis、shiro及layui的轻量级快速开发框架、脚手架、后台管理系统、权限系统、基于activiti6整合的工作流OA系统,上手简单,拿来即用。
GitHub