| タイトル | OpenBi OpenBi <=1.0.8 Pre-Authentication Arbitrary File Creation |
|---|
| 説明 | The OpenBI software, specifically in file /application/index/controller/Screen.php, has a Pre-Authentication Arbitrary File Creation vulnerability. This flaw allows an attacker to create a zip file with arbitrary PHP code, which can be executed when accessed. This essentially leads to Remote Code Execution (RCE). The vulnerability has been confirmed in versions up to and including 1.0.8. |
|---|
| ソース | ⚠️ https://note.zhaoj.in/share/Liu1nbjddxu4 |
|---|
| ユーザー | glzjin (UID 59815) |
|---|
| 送信 | 2024年01月31日 07:55 (2 年 ago) |
|---|
| モデレーション | 2024年01月31日 14:10 (6 hours later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 252475 [openBI 迄 1.0.8 Screen.php index fileurl 特権昇格] |
|---|
| ポイント | 19 |
|---|