Submeter #95974: Fastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writinginformação

TítuloFastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writing
DescriçãoThe unzip method in the Fastcms system theme upload interface contains a directory traversal vulnerability, Through a carefully crafted malicious zip package containing "../../../.ssh/authorized_keys" in the file name, it is easy to bypass the detection mechanism of Fastcms, thus achieving the purpose of getting server privileges.
Fonte⚠️ https://github.com/ha1yuYiqiyinHangzhouTechn0logy/fastcms/blob/main/README.md
Utilizador
 ha1yuYiqiyinHangzhouTechn0logy (UID 41995)
Submissão28/02/2023 16h16 (há 3 anos)
Moderação06/03/2023 08h21 (6 days later)
EstadoAceite
Entrada VulDB222363 [fastcms ZIP File TemplateController.java Travessia de Diretório]
Pontos19

Want to know what is going to be exploited?

We predict KEV entries!