| Title | givanz Vvveb Vvveb 1.0.7.2 File Upload |
|---|---|
| Description | A critical file upload vulnerability in Vvveb CMS allows attackers to bypass security controls by appending special characters to file extensions (e.g., .svg/). This enables upload of malicious SVG+XML files containing JavaScript payloads. The vulnerability can be exploited through multiple attack vectors: direct admin access to uploaded files, iframe injection in posts/pages/products, or plugin code editor functionality. Successful exploitation allows attackers to execute XSS attacks that can create superadministrator accounts, upload and activate malicious plugins, and ultimately achieve remote code execution on the server. The attack chain demonstrates complete system compromise from initial file upload to reverse shell access. |
| Source | https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec |
| User | KhanMarshal (UID 89610) |
| Submission | 17.09.2025 12:11 (7 months ago) |
| Moderation | 26.09.2025 10:24 (9 days later) |
| Status | accepted |
| VulDB entry | 325965 [givanz Vvveb up to 1.0.7.2 SVG File cross-site scripting] |
| Points | 20 |