Отправить #632535: YiFang CMS 2.0.5 Unrestricted UploadИнформация

НазваниеYiFang CMS 2.0.5 Unrestricted Upload
ОписаниеThe core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload.
Источник⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md
Пользователь
 Yu Bao (UID 88956)
Представление12.08.2025 15:46 (11 месяцы назад)
Модерация24.08.2025 16:47 (12 days later)
Статуспринято
Запись VulDB321236 [YiFang CMS до 2.0.5 P_file.php mergeMultipartUpload Файл эскалация привилегий]
Баллы18

Do you want to use VulDB in your project?

Use the official API to access entries easily!