Submission #280599: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation (Info)

Title: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation
Description: The TemmokuMVC system, version 2.3 and below, has an Arbitrary File Creation vulnerability in the images_get_down.php file. This vulnerability arises from the system parsing and downloading all image tags in an article to local storage, including URLs with a PHP suffix. An attacker can exploit this by starting a server that responds with PHP code disguised as an image, which gets saved on the server. The attacker can then brute force the filename to execute the arbitrary PHP code, leading to Remote Code Execution (RCE).
Source: https://note.zhaoj.in/share/OrBH8zLKUPOA
User: glzjin (UID 59815)
Submitted: 2024. 02. 11. PM 04:15 (2 years ago)
Moderation: 2024. 02. 22. PM 03:35 (11 days later)
Status: Accepted
VulDB entry: 254532 [TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace privilege escalation]
Points: 20
