Submit #263253: Likeshop Likeshop ≤2.5.7.20210311 Pre-authentication arbitrary file upload

Information

Title: Likeshop Likeshop ≤2.5.7.20210311 Pre-authentication arbitrary file upload
Description: The LikeShop application, specifically version 2.5.7.20210311 and possibly earlier, is vulnerable to a pre-authentication arbitrary file upload vulnerability within the `File.php` controller. An attacker can exploit this vulnerability by sending a crafted POST request to the `FileServer::userFormImage` function, allowing the upload of a PHP file without proper validation. This uploaded PHP file can then be executed on the server, leading to remote code execution (RCE). This vulnerability was disclosed by a researcher known as glzjin.
Source: ⚠️ https://note.zhaoj.in/share/ciwYj7QXC4sZ
User: glzjin (UID 59815)
Submission: 06.01.2024 17:32 (2 years ago)
Moderation: 09.01.2024 15:20 (3 days later)
Status: Accepted
VulDB entry: 250120 [Likeshop up to 2.5.7.20210311 HTTP POST Request File.php userFormImage File privilege escalation]
Points: 20
