| Título | OpenBi OpenBi <=1.0.8 Pre-authentication arbitrary file upload |
|---|
| Descripción | The OpenBi application, as of version 1.0.8, has a pre-authentication arbitrary file upload vulnerability in the Unity.php file. This vulnerability allows an attacker to upload a malicious file to the server, which can then be executed to potentially compromise the system. The file upload function, 'uploadIcon', does not properly validate the uploaded file, leading to this vulnerability. After successfully uploading a file, the attacker can access and execute it, which poses a significant security risk. |
|---|
| Fuente | ⚠️ https://note.zhaoj.in/share/hPSx8li8LFfJ |
|---|
| Usuario | glzjin (UID 59815) |
|---|
| Sumisión | 2024-01-31 03:08 (hace 2 años) |
|---|
| Moderación | 2024-01-31 14:10 (11 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 252471 [openBI hasta 1.0.8 Unity.php uploadUnity Archivo escalada de privilegios] |
|---|
| Puntos | 20 |
|---|