提出 #632535: YiFang CMS 2.0.5 Unrestricted Upload情報

タイトルYiFang CMS 2.0.5 Unrestricted Upload
説明The core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload.
ソース⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md
ユーザー
 Yu Bao (UID 88956)
送信2025年08月12日 15:46 (11 月 ago)
モデレーション2025年08月24日 16:47 (12 days later)
ステータス承諾済み
VulDBエントリ321236 [YiFang CMS 迄 2.0.5 P_file.php mergeMultipartUpload ファイル 特権昇格]
ポイント18

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!