| Title | File upload vulnerability exists in background article publishing |
|---|---|
| Description | A vulnerability has been discovered in php-basic-cms that is classified as serious. If the uploaded files are not strictly verified and filtered, malicious script files may be uploaded to take over the entire website or even the server. There is an add article screen in the /admin background. The file type is not verified when the image file is uploaded. Construct the webshell file 1.php. After uploading, the path of the webshell is /img/1.php. By connecting to the webshell, you can control the entire server. |
| Source | ⚠️ https://github.com/goodric/php-basic/blob/main/README.md |
| User | goodric (UID 43258) |
| Submission | 26.03.2023 15:39 (3 years ago) |
| Moderation | 27.03.2023 22:57 (1 day later) |
| Status | Accepted |
| VulDB Entry | 224105 [php-basic-cms /admin privilege escalation] |
| Points | 20 |
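
The missing check described in this entry, sketched as an added example (not code from php-basic-cms or from the submitter): an upload handler that decides the file type from the content and assigns the stored name and extension itself, so a file sent as 1.php is never saved under that name. The form field name `image`, the size limit, the allow-list and the function name `store_image_upload` are assumptions; only the `/img` directory comes from the entry.

```php
<?php
declare(strict_types=1);

// Assumed limits and allow-list; adjust to what the CMS actually needs.
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one entry of $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on any rejection.
 */
function store_image_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (!is_uploaded_file($tmp)) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // Type comes from the bytes, never from $file['type'] or $file['name'],
    // which are both supplied by the client.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    if (@getimagesize($tmp) === false) {
        throw new RuntimeException('not a parseable image');
    }
    // Server-chosen random name plus an extension from the allow-list:
    // the client's file name never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmp, $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0644);
    return $name;
}

// Usage inside the article form handler (field name "image" is assumed).
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = store_image_upload($_FILES['image'], __DIR__ . '/img');
    } catch (RuntimeException $e) {
        http_response_code(400);
    }
}
```

Content checks alone can be passed by a file that is both a valid image and contains script text, so the fixed extension is the control that matters here. The web server should additionally be configured not to execute PHP from the upload directory.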