| Titel | YiFang YiFang CMS V2.0.0 Arbitrary File Upload |
|---|
| Beschreibung | YiFang CMS has a arbitrary file upload vulnerability in the webUploader method of app/app/controller/File.php, where attackers can upload webshells to gain server privileges。
**You can download the product source code in https://gitee.com/wanglongcn/yifang.
You can download the product source code in https://gitee.com/wanglongcn/yifang.
You can download the product source code in https://gitee.com/wanglongcn/yifang.**
|
|---|
| Quelle | ⚠️ https://github.com/electroN1chahaha/YifangCMS-V2.0.0-Remote-Code-Execution-RCE-/issues/1 |
|---|
| Benutzer | electroN1c (UID 85481) |
|---|
| Einreichung | 18.09.2025 08:15 (vor 7 Monaten) |
|---|
| Moderieren | 28.09.2025 17:47 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 326213 [YiFang CMS bis 2.0.2 Backend File.php webUploader uploadpath erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|