Invia #712754: lin-cms-tp5 1.0 Unrestricted Uploadinformazioni

Titololin-cms-tp5 1.0 Unrestricted Upload
DescrizioneThe file upload interface (POST /cms/file) provided by the CMS module has insufficient checks on the type/content of uploaded files, allowing anonymous users (frontend) to upload arbitrary files and save them to a publicly accessible directory (public/uploads). Attackers can upload files with arbitrary extensions, and if the server does not restrict execution or allows script execution in the upload directory, this could lead to serious consequences such as remote code execution (RCE), persistent backdoors, and information leakage.
Fonte⚠️ https://github.com/ChenJinchuang/lin-cms-tp5/issues/65
Utente
 formanagain (UID 93347)
Sottomissione11/12/2025 07:33 (6 mesi fa)
Moderazione27/12/2025 10:13 (16 days later)
StatoAccettato
Voce VulDB338507 [ChenJinchuang Lin-CMS-TP5 fino a 0.3.3 File Upload LocalUploader.php upload escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!