| Название | YiFang CMS 2.0.5 Unrestricted Upload |
|---|
| Описание | The core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload. |
|---|
| Источник | ⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md |
|---|
| Пользователь | Yu Bao (UID 88956) |
|---|
| Представление | 12.08.2025 15:46 (11 месяцы назад) |
|---|
| Модерация | 24.08.2025 16:47 (12 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 321236 [YiFang CMS до 2.0.5 P_file.php mergeMultipartUpload Файл эскалация привилегий] |
|---|
| Баллы | 18 |
|---|