| عنوان | YiFang CMS 2.0.5 Unrestricted Upload |
|---|
| الوصف | The core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload. |
|---|
| المصدر | ⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md |
|---|
| المستخدم | Yu Bao (UID 88956) |
|---|
| ارسال | 12/08/2025 03:46 PM (11 أشهر منذ) |
|---|
| الاعتدال | 24/08/2025 04:47 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 321236 [YiFang CMS حتى 2.0.5 P_file.php mergeMultipartUpload ملف تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|