Enviar #181597: There is a backend getshell vulnerability in Easyadmin8información

TítuloThere is a backend getshell vulnerability in Easyadmin8
Descripción Enter the backend, find the configuration options, and add the upload type PHP http://localhost/admin/index/index.html#/admin/system.uploadfile/index.html Click on product management options: http://www.easyadmin8.com/admin/index/index.html#/admin/mall.goods/index.html add a new product click image icon upload a.php then getshell Fix for file upload vulnerability: The upload module needs to exist on the website, and permission authentication needs to be done to prevent anonymous users from accessing it. The file upload directory is set to prohibit script file execution. Even if the dynamic script of the uploaded backdoor cannot be parsed, causing the attacker to abandon this attack path. Set up a whitelist for uploading, which only allows images to be uploaded, such as jpg png gif. Other files are not allowed to be uploaded. The uploaded suffix name must be set to an image format such as jpg png gif.
Fuente⚠️ https://github.com/wolf-leo/EasyAdmin8/issues/1
Usuario
 XMAO (UID 18088)
Sumisión2023-07-12 13:15 (hace 3 años)
Moderación2023-07-20 10:18 (8 days later)
EstadoAceptado
Entrada de VulDB235068 [EasyAdmin8 2.0.2.2 File Upload index.html escalada de privilegios]
Puntos20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!