| 제목 | lin-cms-tp5 1.0 Unrestricted Upload |
|---|
| 설명 | The file upload interface (POST /cms/file) provided by the CMS module has insufficient checks on the type/content of uploaded files, allowing anonymous users (frontend) to upload arbitrary files and save them to a publicly accessible directory (public/uploads). Attackers can upload files with arbitrary extensions, and if the server does not restrict execution or allows script execution in the upload directory, this could lead to serious consequences such as remote code execution (RCE), persistent backdoors, and information leakage. |
|---|
| 원천 | ⚠️ https://github.com/ChenJinchuang/lin-cms-tp5/issues/65 |
|---|
| 사용자 | formanagain (UID 93347) |
|---|
| 제출 | 2025. 12. 11. AM 07:33 (6 개월 ago) |
|---|
| 모더레이션 | 2025. 12. 27. AM 10:13 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 338507 [ChenJinchuang Lin-CMS-TP5 까지 0.3.3 File Upload LocalUploader.php upload 파일 권한 상승] |
|---|
| 포인트들 | 20 |
|---|