| Título | OpenBi OpenBi <=1.0.8 Pre-authentication arbitrary file upload |
|---|
| Descrição | The OpenBi application, as of version 1.0.8, has a pre-authentication arbitrary file upload vulnerability in the Unity.php file. This vulnerability allows an attacker to upload a malicious file to the server, which can then be executed to potentially compromise the system. The file upload function, 'uploadIcon', does not properly validate the uploaded file, leading to this vulnerability. After successfully uploading a file, the attacker can access and execute it, which poses a significant security risk. |
|---|
| Fonte | ⚠️ https://note.zhaoj.in/share/hPSx8li8LFfJ |
|---|
| Utilizador | glzjin (UID 59815) |
|---|
| Submissão | 31/01/2024 03h08 (há 2 anos) |
|---|
| Moderação | 31/01/2024 14h10 (11 hours later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 252471 [openBI até 1.0.8 Unity.php uploadUnity Ficheiro Elevação de Privilégios] |
|---|
| Pontos | 20 |
|---|