Submeter #280599: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creationinformação

TítuloTemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation
DescriçãoThe TemmokuMVC system, version 2.3 and below, has an Arbitrary File Creation vulnerability in the images_get_down.php file. This vulnerability arises from the system parsing and downloading all image tags in an article to local storage, including URLs with a PHP suffix. An attacker can exploit this by starting a server that responds with PHP code disguised as an image, which gets saved on the server. The attacker can then brute force the filename to execute the arbitrary PHP code, leading to Remote Code Execution (RCE).
Fonte⚠️ https://note.zhaoj.in/share/OrBH8zLKUPOA
Utilizador
 glzjin (UID 59815)
Submissão11/02/2024 16h15 (há 2 anos)
Moderação22/02/2024 15h35 (11 days later)
EstadoAceite
Entrada VulDB254532 [TemmokuMVC até 2.3 Image Download lib/images_get_down.php get_img_url/img_replace Elevação de Privilégios]
Pontos20

Do you need the next level of professionalism?

Upgrade your account now!