Invia #95974: Fastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writinginformazioni

TitoloFastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writing
DescrizioneThe unzip method in the Fastcms system theme upload interface contains a directory traversal vulnerability, Through a carefully crafted malicious zip package containing "../../../.ssh/authorized_keys" in the file name, it is easy to bypass the detection mechanism of Fastcms, thus achieving the purpose of getting server privileges.
Fonte⚠️ https://github.com/ha1yuYiqiyinHangzhouTechn0logy/fastcms/blob/main/README.md
Utente
 ha1yuYiqiyinHangzhouTechn0logy (UID 41995)
Sottomissione28/02/2023 16:16 (3 anni fa)
Moderazione06/03/2023 08:21 (6 days later)
StatoAccettato
Voce VulDB222363 [fastcms ZIP File TemplateController.java directory traversal]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Do you want to use VulDB in your project?

Use the official API to access entries easily!