| Titre | 石家庄公诚勤朴科技有限公司 Dreamer CMS 4.1.3 File Upload/code execution/xss |
|---|
| Description | Modify filename to achieve any file upload, upload html code, execute, execute xss to obtain other users cooikes, csrf man-in the-middle attack, mount phishing websites and malicious networks |
|---|
| La source | ⚠️ https://github.com/sweatxi/BugHub/blob/main/Dreamer-CMS.pdf |
|---|
| Utilisateur | hexixi (UID 59932) |
|---|
| Soumission | 13/12/2023 06:08 (il y a 2 ans) |
|---|
| Modérer | 24/12/2023 08:57 (11 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 248938 [Dreamer CMS 4.1.3 /upload/uploadFile Fichier élévation de privilèges] |
|---|
| Points | 16 |
|---|