| Название | OpenBi OpenBi <=1.0.8 Pre-authentication arbitrary file upload |
|---|
| Описание | The OpenBi application, as of version 1.0.8, has a pre-authentication arbitrary file upload vulnerability in the Unity.php file. This vulnerability allows an attacker to upload a malicious file to the server, which can then be executed to potentially compromise the system. The file upload function, 'uploadIcon', does not properly validate the uploaded file, leading to this vulnerability. After successfully uploading a file, the attacker can access and execute it, which poses a significant security risk. |
|---|
| Источник | ⚠️ https://note.zhaoj.in/share/hPSx8li8LFfJ |
|---|
| Пользователь | glzjin (UID 59815) |
|---|
| Представление | 31.01.2024 03:08 (2 лет назад) |
|---|
| Модерация | 31.01.2024 14:10 (11 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 252471 [openBI до 1.0.8 Unity.php uploadUnity Файл эскалация привилегий] |
|---|
| Баллы | 20 |
|---|