| Title | Open source ERP inventory and sales system has file upload vulnerability |
|---|---|
| Description | In application/controllers/basedata/inventory.php, the uploadImages function of ERP controls the file upload. When uploading the file, no verification is performed on the uploaded file, which results in the normal parsing of the uploaded PHP script file. The uploaded PHP file is saved in the path /data/upfile/tools/. Use the webshell tool to connect to the uploaded PHP file, and then you can get the shell. |
| Source | https://github.com/jerryhanjj/ERP/issues/3 |
| User | ace. (UID 34853) |
| Submission | 08/11/2022 13:46 (4 years ago) |
| Moderation | 11/11/2022 08:34 (3 days later) |
| Status | Accepted |
| VulDB Entry | 213451 [jerryhanjj ERP Commodity Management inventory.php uploadImages privilege escalation] |
| Points | 19 |