| Title | 115cmsArbitrary file upload vulnerability |
|---|
| Description | There is an arbitrary file upload vulnerability in the 15cmsV4.05 web application. loophole http://x.x.x.x/index.php/admin/content/index HTTP/, the allowed suffix for uploading can be set at the basic configuration of the background function website settings, and then the attachment can be uploaded at the content of the content management article. Any file can be uploaded, and the website can be controlled through webshell |
|---|
| Source | ⚠️ https://github.com/niukongkong/asdasd/blob/master/115cmsArbitrary%20file%20upload%20vulnerability.md |
|---|
| User | clover_01 (UID 42697) |
|---|
| Submission | 03/10/2023 17:13 (3 years ago) |
|---|
| Moderation | 03/10/2023 17:42 (29 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222738 [Guizhou 115cms 4.2 /admin/content/index unrestricted upload] |
|---|
| Points | 19 |
|---|