Submit #711702: XCMS 1.1 Unrestricted Uploadinfo

TitelXCMS 1.1 Unrestricted Upload
BeschreibungXCMS's backend file upload interface lacks strict validation of uploaded file types, content, and file extensions. Attackers can upload malicious files of any format (such as PHP webshells) after logging in. Once uploaded successfully, attackers can directly access and execute the file via HTTP requests, ultimately leading to remote code execution.
Quelle⚠️ https://gitee.com/jackq/XCMS/issues/IDC5C8
Benutzer
 formanagain (UID 93347)
Einreichung10.12.2025 09:36 (vor 6 Monaten)
Moderieren27.12.2025 00:14 (17 days later)
StatusAkzeptiert
VulDB Eintrag338481 [jackq XCMS bis 3fab5342cc509945a7ce1b8ec39d19f701b89261 Backend ProductImageController.class.php upload Datei erweiterte Rechte]
Punkte18

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!