| عنوان | DedeBIZ DedeBIZ <=6.2.12 file upload |
|---|
| الوصف | When logging into the backend as an administrator, we can upload files in the attachment management section. Here, we can upload files, and the backend likely detects whether the uploaded file is an image based on its file signature. However, this means we can upload arbitrary PHP files, potentially leading to command execution. |
|---|
| المصدر | ⚠️ https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20file%20upload/README.md |
|---|
| المستخدم | JTZ- (UID 59232) |
|---|
| ارسال | 20/12/2023 06:25 AM (3 سنوات منذ) |
|---|
| الاعتدال | 29/12/2023 11:20 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 249368 [Muyun DedeBIZ حتى 6.2.12 Add Attachment تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|