| 제목 | givanz Vvveb Vvveb 1.0.7.2 File Upload |
|---|
| 설명 | A critical file upload vulnerability in Vvveb CMS allows attackers to bypass security controls by appending special characters to file extensions (e.g., .svg/). This enables upload of malicious SVG+XML files containing JavaScript payloads. The vulnerability can be exploited through multiple attack vectors: direct admin access to uploaded files, iframe injection in posts/pages/products, or plugin code editor functionality. Successful exploitation allows attackers to execute XSS attacks that can create superadministrator accounts, upload and activate malicious plugins, and ultimately achieve remote code execution on the server. The attack chain demonstrates complete system compromise from initial file upload to reverse shell access. |
|---|
| 원천 | ⚠️ https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec |
|---|
| 사용자 | KhanMarshal (UID 89610) |
|---|
| 제출 | 2025. 09. 17. PM 12:11 (7 개월 ago) |
|---|
| 모더레이션 | 2025. 09. 26. AM 10:24 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 325965 [givanz Vvveb 까지 1.0.7.2 SVG File 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|