| タイトル | OpenBi OpenBi <=1.0.8 Pre-authentication arbitrary file upload |
|---|
| 説明 | The OpenBi application, as of version 1.0.8, has a pre-authentication arbitrary file upload vulnerability in the Unity.php file. This vulnerability allows an attacker to upload a malicious file to the server, which can then be executed to potentially compromise the system. The file upload function, 'uploadIcon', does not properly validate the uploaded file, leading to this vulnerability. After successfully uploading a file, the attacker can access and execute it, which poses a significant security risk. |
|---|
| ソース | ⚠️ https://note.zhaoj.in/share/hPSx8li8LFfJ |
|---|
| ユーザー | glzjin (UID 59815) |
|---|
| 送信 | 2024年01月31日 03:08 (2 年 ago) |
|---|
| モデレーション | 2024年01月31日 14:10 (11 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 252471 [openBI 迄 1.0.8 Unity.php uploadUnity ファイル 特権昇格] |
|---|
| ポイント | 20 |
|---|