| Titolo | Company Website CMS Dashboard Exists Arbitrary File Upload |
|---|
| Descrizione | Company Website CMS Dashboard Exists Arbitrary File Upload
Each file upload page in the background allows arbitrary file uploads. After the attacker enters the background, he can upload a webshell to control the server.
Arbitrary file upload vulnerability exists in the following access paths:
/dashboard/createblog
/dashboard/createservice
/dashboard/createportfolio
/dashboard/createslide
/dashboard/newtestimony
/dashboard/logo |
|---|
| Fonte | ⚠️ https://github.com/Jamison2022/Company-Website-CMS/blob/main/Company%20Website%20CMS-FileUpload.md |
|---|
| Utente | Jamison (UID 30712) |
|---|
| Sottomissione | 06/08/2022 13:58 (4 anni fa) |
|---|
| Moderazione | 06/08/2022 18:59 (5 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 205817 [SourceCodester Company Website CMS escalationi di privilegi] |
|---|
| Punti | 20 |
|---|