| 제목 | YiFang CMS 2.0.5 Unrestricted Upload |
|---|
| 설명 | The core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload. |
|---|
| 원천 | ⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md |
|---|
| 사용자 | Yu Bao (UID 88956) |
|---|
| 제출 | 2025. 08. 12. PM 03:46 (11 개월 ago) |
|---|
| 모더레이션 | 2025. 08. 24. PM 04:47 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 321236 [YiFang CMS 까지 2.0.5 P_file.php mergeMultipartUpload 파일 권한 상승] |
|---|
| 포인트들 | 18 |
|---|