| Title | YFCMF-TP6-3.0.4 has a Remote Command Execution vulnerability |
|---|---|
| Description | This vulnerability is entirely caused by the ThinkPHP framework. In YFCMF, multi-language is open by default (app/admin/controller/Ajax.php), and the attacker can use pearcmd file inclusion to achieve RCE. The prerequisite for the exploit is to know the path of the pearcmd file on the server; if the path is not known, the exploit cannot be performed. |
| Source | https://github.com/HuBenLab/HuBenVulList/blob/main/YFCMF-TP6-3.0.4%20has%20a%20Remote%20Command%20Execution%20(RCE)%20vulnerability%201.md |
| User | p0ison (UID 37575) |
| Submission | 06/02/2023 08:50 (3 years ago) |
| Moderation | 06/02/2023 13:28 (5 hours later) |
| Status | Accepted |
| VulDB entry | 230542 [YFCMF up to 3.0.4 index.php path traversal] |
| Points | 18 |