Submit #685028: Bdtask News365 – PHP Newspaper Script Magazine Blog with Video Newspaper 7.0.3 Unrestricted File Upload

Title: Bdtask News365 – PHP Newspaper Script Magazine Blog with Video Newspaper 7.0.3 Unrestricted File Upload

Description: An Unrestricted File Upload vulnerability exists in the admin panel's profile management section of News365 version 7.0.3. The file upload functionality for the 'profile_image' and 'banner_image' parameters fails to properly validate file extensions or content types. This allows an authenticated administrator to upload a malicious script, such as a PHP web shell, to a web-accessible directory. An attacker can then execute the uploaded file by navigating to its direct URL, leading to Remote Code Execution (RCE) and full server compromise.

Source: https://github.com/4m3rr0r/PoCVulDb/issues/5

User: 4m3rr0r (UID 85795)

Submission: 29.10.2025 16:34 (8 months ago)

Moderation: 14.11.2025 13:59 (16 days later)

Status: Accepted

VulDB Entry: 332473 [Bdtask/CodeCanyon News365 up to 7.0.3 /admin/dashboard/profile profile_image/banner_image privilege escalation]

Points: 20
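
The description names two missing checks on the 'profile_image' and 'banner_image' fields: file extension and content type. The following is an added example of a handler that enforces both; it is not code from News365 or from the linked report, and the function name `store_profile_upload`, the size limit and the destination directory are assumptions.

```php
<?php
// Added example: hardened handler for an image upload field.
// store_profile_upload(), MAX_UPLOAD_BYTES and $destDir are hypothetical
// names chosen for illustration; they are not taken from News365.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024; // assumed limit: 2 MiB

function store_profile_upload(array $file, string $destDir): string
{
    // Accept only a completed HTTP upload, never an arbitrary local path.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Content type: detected from the file's bytes. $file['type'] and
    // $file['name'] are supplied by the client and are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // The file must also parse as an image, not merely start like one.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Extension: chosen by the server from the allowlist, with a random
    // base name, so an uploaded "shell.php" can never keep its name.
    $name   = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    chmod($target, 0640); // readable by the server, never executable
    return $name;
}

// Intended call site, once per field named in the report, e.g.:
//   $stored = store_profile_upload($_FILES['profile_image'], $uploadDir);
```

A valid image can still carry embedded script text, so the upload directory should also be configured so that the web server does not execute PHP from it.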
