Отправить #834849: Dcat-Admin <2.2.2-beta Unrestricted UploadИнформация

Название	Dcat-Admin <2.2.2-beta Unrestricted Upload
Описание	A vulnerability was found in Dcat-Admin 2.2.3-beta. It has been rated as problematic. Dcat-admin v2.2.3-beta and earlier versions contain a file upload vulnerability in /admin/dcat-api/editor-md/upload. Attackers can construct malicious PHP files, upload them via `/admin/dcat-api/editor-md/upload`, and trigger parsing. editorMDUpload has no security checks. Successful exploitation allows arbitrary PHP code execution and gain of control of the server.
Источник	⚠️ https://www.yuque.com/u25169484/wroc9b/co6eg4x23xkfesng
Пользователь	OoooY (UID 63295)
Представление	21.05.2026 11:08 (23 дни назад)
Модерация	08.06.2026 22:16 (18 days later)
Статус	принято
Запись VulDB	369302 [Dcat-Admin до 2.2.3-beta User Setting Page upload editorMDUpload editormd-image-file эскалация привилегий]
Баллы	20

Do you want to use VulDB in your project?

Use the official API to access entries easily!