| Title | OpenBi OpenBi <=1.0.8 Arbitrary file upload |
|---|---|
| Description | The OpenBI software, version 1.0.8 and below, has a pre-authentication arbitrary file upload vulnerability in its file handling mechanism. Specifically, the uploadFile function in /application/index/controller/File.php does not properly validate the type of files being uploaded. This allows an attacker to upload a malicious file, such as a PHP script, which can then be executed on the server. This vulnerability provides a potential avenue for unauthorized system access or data manipulation. |
| Source | https://note.zhaoj.in/share/ABYkFE4wRPW5 |
| User | glzjin (UID 59815) |
| Submission | 01/29/2024 10:57 (2 years ago) |
| Moderation | 01/29/2024 15:10 (4 hours later) |
| Status | Accepted |
| VulDB entry | 252309 [openBI up to 1.0.8 File.php uploadFile unrestricted upload] |
| Points | 20 |