| Titel | givanz Vvveb 1.0.7.2 External Control of File Name or Path |
|---|
| Beschreibung | In Vvveb CMS latest version x.x.x.x (Vvveb1.0.7.2/system/traits/media.php) , users can directly rename the file, and there is no restriction on the file suffix. Then upload a file with normal suffix such as txt, and then rename it to a php file to RCE. |
|---|
| Quelle | ⚠️ https://github.com/August829/Yu/blob/main/20250812_2.md |
|---|
| Benutzer | Yu Bao (UID 88956) |
|---|
| Einreichung | 12.08.2025 15:25 (vor 9 Monaten) |
|---|
| Moderieren | 24.08.2025 16:42 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 321233 [givanz Vvveb bis 1.0.7.2 /system/traits/media.php files[] erweiterte Rechte] |
|---|
| Punkte | 18 |
|---|