إرسال #388363: dedebiz.com DedeBIZ v6.3.0 FileUploadالمعلومات

عنوان	dedebiz.com DedeBIZ v6.3.0 FileUpload
الوصف	An attacker can modify the settings on the admin configuration page to allow the upload of images with the .phtml extension. Then, they can upload a malicious .phtml file through the "/admin/dialog/select_images_post.php" page.
المصدر	⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE17-4.md
المستخدم	Dee.Mirage (UID 71702)
ارسال	09/08/2024 05:38 AM (2 سنوات منذ)
الاعتدال	17/08/2024 07:06 PM (9 days later)
الحالة	تمت الموافقة
إدخال VulDB	275032 [DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type تحميل تجاوز الصلاحيات]
النقاط	17

Do you know our Splunk app?

Download it now for free!