| Title | YunyouCMS YunyouCMS <=2.2.6 Arbitrary File Include |
|---|
| Description | Yunyou CMS version 2.2.6 and earlier has a critical Arbitrary File Include vulnerability in the file /app/index/controller/Common.php. This flaw allows an attacker to upload arbitrary PHP code disguised as a PNG file via the 'templateFile' parameter. The uploaded file can then be executed by including it in the system through the 'buildHtml' function. This vulnerability can lead to Remote Code Execution (RCE), enabling an attacker to take control of the server, potentially leading to unauthorized access, data breach, and other serious consequences. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/FO8AL78oAeTS |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/14/2024 15:35 (2 years ago) |
|---|
| Moderation | 01/17/2024 14:45 (3 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 251374 [Yunyou CMS up to 2.2.6 Common.php templateFile unrestricted upload] |
|---|
| Points | 20 |
|---|