Submission #685028: Bdtask News365 – PHP Newspaper Script Magazine Blog with Video Newspaper 7.0.3 Unrestricted File Upload

Title: Bdtask News365 – PHP Newspaper Script Magazine Blog with Video Newspaper 7.0.3 Unrestricted File Upload
Description: An Unrestricted File Upload vulnerability exists in the admin panel's profile management section of News365 version 7.0.3. The file upload functionality for the 'profile_image' and 'banner_image' parameters fails to properly validate file extensions or content types. This allows an authenticated administrator to upload a malicious script, such as a PHP web shell, to a web-accessible directory. An attacker can then execute the uploaded file by navigating to its direct URL, leading to Remote Code Execution (RCE) and full server compromise.
Source: https://github.com/4m3rr0r/PoCVulDb/issues/5
User: 4m3rr0r (UID 85795)
Submission: 29/10/2025 16:34 (8 months ago)
Moderation: 14/11/2025 13:59 (16 days later)
Status: Accepted
VulDB entry: 332473 [Bdtask/CodeCanyon News365 up to 7.0.3 /admin/dashboard/profile profile_image/banner_image privilege escalation]
Points: 20
