| Titre | givanz Vvveb Vvveb 1.0.7.2 File Upload |
|---|
| Description | A critical file upload vulnerability in Vvveb CMS allows attackers to bypass security controls by appending special characters to file extensions (e.g., .svg/). This enables upload of malicious SVG+XML files containing JavaScript payloads. The vulnerability can be exploited through multiple attack vectors: direct admin access to uploaded files, iframe injection in posts/pages/products, or plugin code editor functionality. Successful exploitation allows attackers to execute XSS attacks that can create superadministrator accounts, upload and activate malicious plugins, and ultimately achieve remote code execution on the server. The attack chain demonstrates complete system compromise from initial file upload to reverse shell access. |
|---|
| La source | ⚠️ https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec |
|---|
| Utilisateur | KhanMarshal (UID 89610) |
|---|
| Soumission | 17/09/2025 12:11 (il y a 7 mois) |
|---|
| Modérer | 26/09/2025 10:24 (9 days later) |
|---|
| Statut | Accepté |
|---|
| Entrée VulDB | 325965 [givanz Vvveb jusqu’à 1.0.7.2 SVG File cross site scripting] |
|---|
| Points | 20 |
|---|