Submit #388363: dedebiz.com DedeBIZ v6.3.0 FileUploadinfo

Titel	dedebiz.com DedeBIZ v6.3.0 FileUpload
Beschreibung	An attacker can modify the settings on the admin configuration page to allow the upload of images with the .phtml extension. Then, they can upload a malicious .phtml file through the "/admin/dialog/select_images_post.php" page.
Quelle	⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE17-4.md
Benutzer	Dee.Mirage (UID 71702)
Einreichung	09.08.2024 05:38 (vor 2 Jahren)
Moderieren	17.08.2024 19:06 (9 days later)
Status	Akzeptiert
VulDB Eintrag	275032 [DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type Hochladen erweiterte Rechte]
Punkte	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!