| عنوان | XCMS 1.0 Unrestricted Upload |
|---|
| الوصف | XCMS's front-end file upload interface lacks strict validation of uploaded file type, content, and file extension. Attackers can upload malicious files of any format (such as PHP webshells) without logging in. After a successful upload, the file can be accessed and executed directly via an HTTP request, ultimately leading to remote code execution. |
|---|
| المصدر | ⚠️ https://gitee.com/jackq/XCMS/issues/IDC4ZT |
|---|
| المستخدم | formanagain (UID 93347) |
|---|
| ارسال | 10/12/2025 09:12 AM (6 أشهر منذ) |
|---|
| الاعتدال | 27/12/2025 12:14 AM (17 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 338480 [jackq XCMS حتى 3fab5342cc509945a7ce1b8ec39d19f701b89261 upload.php تجاوز الصلاحيات] |
|---|
| النقاط | 18 |
|---|