RULE(RULE ID:338220)

Rule General Information
Release Date: 2024-07-02
Rule Name: Qiyuesuo Remote Command Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Qiyuesuo is an electronic contract management tool. It helps enterprises and individuals improve the efficiency and security of contract processing by providing online contract signing, storage and management. Qiyuesuo contains a remote code execution vulnerability. An unauthenticated attacker can bypass permission authentication by using Tomcat's improper parsing of path parameters, then execute malicious code on the target server and obtain server permissions.
Impact: A successful exploit lets an attacker execute arbitrary commands in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor for a software patch update.