| 제목 | Fastcms V0.1 anyfile upload background |
|---|
| 설명 | There is a file upload location in the fastcms background, and there is no suffix and content restriction, so that any file can be uploaded, and all uploaded file names, suffix names and upload paths are freely controlled by the user. You can upload crontab and other files to overwrite, and tamper with system and other configuration files to execute commands. There is a risk. For details of uploading attachments, see password.zip in the link |
|---|
| 원천 | ⚠️ https://github.com/linmoren/fastcms_bug/blob/main/template_files_upload.md |
|---|
| 사용자 | yanfei.chen (UID 39837) |
|---|
| 제출 | 2023. 02. 02. AM 08:29 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 02. 02. PM 02:42 (6 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 220038 [FastCMS 0.1.0 Template Management 권한 상승] |
|---|
| 포인트들 | 20 |
|---|