Submit #280599: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation

Info

Title: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation
Description: The TemmokuMVC system, version 2.3 and below, has an Arbitrary File Creation vulnerability in the images_get_down.php file. This vulnerability arises from the system parsing and downloading all image tags in an article to local storage, including URLs with a PHP suffix. An attacker can exploit this by starting a server that responds with PHP code disguised as an image, which gets saved on the server. The attacker can then brute force the filename to execute the arbitrary PHP code, leading to Remote Code Execution (RCE).
Source: ⚠️ https://note.zhaoj.in/share/OrBH8zLKUPOA
User: glzjin (UID 59815)
Submission: 11.02.2024 16:15 (2 years ago)
Moderation: 22.02.2024 15:35 (11 days later)
Status: accepted
VulDB entry: 254532 [TemmokuMVC up to 2.3 Image Download lib/images_get_down.php get_img_url/img_replace privilege escalation]
Points: 20
