| Titolo | flusity-CMS Unrestricted Upload of File with Dangerous Type |
|---|
| Descrizione | flusity-CMS is a content management system. There is not enough file filtering on the upload page, so any php file can be uploaded. Webshell can be uploaded to obtain server permissions.
## Affected version:
flusity-CMS
## Vendor:
https://github.com/flusity/flusity-CMS
## Software:
https://github.com/flusity/flusity-CMS
## Vulnerability File:
upload.php |
|---|
| Fonte | ⚠️ https://github.com/flusity/flusity-CMS/issues/4 |
|---|
| Utente | zihe (UID 56943) |
|---|
| Sottomissione | 25/10/2023 14:30 (3 anni fa) |
|---|
| Moderazione | 26/10/2023 20:14 (1 day later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 243643 [flusity CMS core/tools/upload.php handleFileUpload uploaded_file escalationi di privilegi] |
|---|
| Punti | 18 |
|---|