| 제목 | LightPicture LightPicture <=v1.2.2 Post-Authentication File Upload |
|---|
| 설명 | LightPicture, in versions up to and including v1.2.2, has a Post-Authentication File Upload vulnerability. This issue arises from the application's functionality in the /#/setup/admin page, which allows users to set the extension name of the file that can be uploaded. By exploiting this vulnerability, an attacker can upload a PHP file to the server, potentially leading to remote code execution. The affected files are located in /app/controller/Setup.php and /app/services/UploadClass.php. |
|---|
| 원천 | ⚠️ https://note.zhaoj.in/share/FeCRflSHPLbj |
|---|
| 사용자 | glzjin (UID 59815) |
|---|
| 제출 | 2024. 02. 25. AM 05:27 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 02. 27. AM 08:28 (2 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 254856 [osuuu LightPicture 까지 1.2.2 Setup.php 권한 상승] |
|---|
| 포인트들 | 20 |
|---|