
Our sensors found this exploit at:

Below is a copy:

Oracle Business Intelligence Enterprise LFI
# Exploit Title: Oracle Business Intelligence Enterprise Edition / / - 'getPreviewImage' Directory Traversal/Local File Inclusion
# Date: 2020-10-27
# Exploit Author: Ivo Palazzolo (@palaziv)
# Reference:
# Vendor Homepage:
# Software Link:
# Version:,,
# Tested on: SUSE Linux Enterprise Server
# CVE: CVE-2020-14864

# Description
A Directory Traversal vulnerability has been discovered in the 'getPreviewImage' function of Oracle Business Intelligence Enterprise Edition. The 'getPreviewImage' function is used to get a preview image of a previously uploaded theme logo. By manipulating the 'previewFilePath' URL parameter, an attacker with access to the administration interface is able to read arbitrary system files.
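
Abuse of this parameter can be hunted for in web access logs. The script below is an added example, not code from the advisory or from Oracle: it flags 'previewFilePath' values that can leave their base directory. The log format, the placeholder request path and the sample lines are constructed assumptions; only the parameter name comes from the description above.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

PARAM = "previewFilePath"  # parameter named in the advisory
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; /PLACEHOLDER/preview is not the product's real URL.
SAMPLE_LOG = [
    '10.0.0.5 - admin [27/Oct/2020:10:01:02 +0000] "GET /PLACEHOLDER/preview?previewFilePath=theme1/logo.png HTTP/1.1" 200 5120',
    '10.0.0.9 - admin [27/Oct/2020:10:04:11 +0000] "GET /PLACEHOLDER/preview?previewFilePath=..%2F..%2F..%2Fetc%2Fhostname HTTP/1.1" 200 12',
    '10.0.0.9 - admin [27/Oct/2020:10:04:15 +0000] "GET /PLACEHOLDER/preview?previewFilePath=%252e%252e%252fconfig.xml HTTP/1.1" 200 2048',
    '10.0.0.9 - admin [27/Oct/2020:10:04:20 +0000] "GET /PLACEHOLDER/preview?previewFilePath=/etc/hostname HTTP/1.1" 200 12',
    '10.0.0.5 - admin [27/Oct/2020:10:05:00 +0000] "GET /PLACEHOLDER/home?tab=themes HTTP/1.1" 200 900',
]

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) for a bounded number of rounds."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return a reason if the path value can escape its base directory, else None."""
    path = decode_fully(value).replace("\\", "/")
    if path.startswith("/") or re.match(r"[A-Za-z]:", path):
        return "absolute path"
    if ".." in path.split("/"):
        return "parent-directory segment"
    return None

def scan(lines):
    """Return (line_number, value, reason) for each suspicious previewFilePath value."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for value in parse_qs(query, keep_blank_values=True).get(PARAM, []):
            reason = classify(value)  # parse_qs has already decoded one layer
            if reason:
                hits.append((n, value, reason))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit that also returned HTTP 200 deserves priority in triage, since the status suggests the file was served.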

# PoC
