| Title | YunyouCMS YunyouCMS <=2.2.6 Arbitrary File Include |
|---|---|
| Description | Yunyou CMS version 2.2.6 and earlier has a critical Arbitrary File Include vulnerability in the file /app/index/controller/Common.php. This flaw allows an attacker to upload arbitrary PHP code disguised as a PNG file via the 'templateFile' parameter. The uploaded file can then be executed by including it in the system through the 'buildHtml' function. This vulnerability can lead to Remote Code Execution (RCE), enabling an attacker to take control of the server, potentially leading to unauthorized access, data breach, and other serious consequences. |
| Source | https://note.zhaoj.in/share/FO8AL78oAeTS |
| User | glzjin (UID 59815) |
| Submission | 14/01/2024 03:35 PM (2 years ago) |
| Moderation | 17/01/2024 02:45 PM (3 days later) |
| Status | Accepted |
| VulDB Entry | 251374 [Yunyou CMS up to 2.2.6 Common.php templateFile privilege escalation] |
| Points | 20 |