Enviar #388363: dedebiz.com DedeBIZ v6.3.0 FileUploadinformación

Títulodedebiz.com DedeBIZ v6.3.0 FileUpload
DescripciónAn attacker can modify the settings on the admin configuration page to allow the upload of images with the .phtml extension. Then, they can upload a malicious .phtml file through the "/admin/dialog/select_images_post.php" page.
Fuente⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE17-4.md
Usuario
 Dee.Mirage (UID 71702)
Sumisión2024-08-09 05:38 (hace 2 años)
Moderación2024-08-17 19:06 (9 days later)
EstadoAceptado
Entrada de VulDB275032 [DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type Subir escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!