| Titolo | Fastcms V0.1 anyfile upload background |
|---|
| Descrizione | There is a file upload location in the fastcms background, and there is no suffix and content restriction, so that any file can be uploaded, and all uploaded file names, suffix names and upload paths are freely controlled by the user. You can upload crontab and other files to overwrite, and tamper with system and other configuration files to execute commands. There is a risk. For details of uploading attachments, see password.zip in the link |
|---|
| Fonte | ⚠️ https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md |
|---|
| Utente | yanfei.chen (UID 39837) |
|---|
| Sottomissione | 02/02/2023 08:29 (3 anni fa) |
|---|
| Moderazione | 02/02/2023 14:42 (6 hours later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 220038 [FastCMS 0.1.0 Template Management escalationi di privilegi] |
|---|
| Punti | 20 |
|---|