Submit #419222: 零起飞 07FlyCms 1.3.8 FileUploadinfo

Titel零起飞 07FlyCms 1.3.8 FileUpload
BeschreibungIn the background of 07flycms, you can customize the upload module plug-in. There are file restrictions in the front-end js, but the uploaded files and file contents are not filtered on the server. As a result, attackers can directly upload webshell files after disabling the front-end js in the browser.
Quelle⚠️ https://github.com/DeepMountains/zzz/blob/main/CVE6-1.md
Benutzer
 chenzijie0619 (UID 74657)
Einreichung07.10.2024 03:29 (vor 2 Jahren)
Moderieren11.10.2024 08:35 (4 days later)
StatusAkzeptiert
VulDB Eintrag280051 [07FLYCMS/07FLY-CMS/07FlyCRM 1.3.8 Module Plug-In sysmodule_1 uploadFile Datei erweiterte Rechte]
Punkte17

Do you want to use VulDB in your project?

Use the official API to access entries easily!