| 제목 | YunyouCMS YunyouCMS <=2.2.6 Arbitrary File Include |
|---|
| 설명 | Yunyou CMS version 2.2.6 and earlier has a critical Arbitrary File Include vulnerability in the file /app/index/controller/Common.php. This flaw allows an attacker to upload arbitrary PHP code disguised as a PNG file via the 'templateFile' parameter. The uploaded file can then be executed by including it in the system through the 'buildHtml' function. This vulnerability can lead to Remote Code Execution (RCE), enabling an attacker to take control of the server, potentially leading to unauthorized access, data breach, and other serious consequences. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/FO8AL78oAeTS |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 01. 14. PM 03:35 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 01. 17. PM 02:45 (3 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 251374 [Yunyou CMS 까지 2.2.6 Common.php templateFile 권한 상승] |
|---|
| 포인트들 | 20 |
|---|