| Title | OpenBi OpenBi <=1.0.8 Pre-Authentication Arbitrary File Upload |
|---|---|
| Description | The OpenBI software, version 1.0.8 and earlier, is susceptible to a Pre-Authentication Arbitrary File Upload vulnerability. This vulnerability resides in the file /application/index/controller/Screen.php, specifically within the 'uploadIcon' function. This function accepts and saves files to a public directory without proper validation or authentication. Consequently, an attacker can exploit this vulnerability by uploading a malicious file, such as a PHP script, which can then be accessed and executed on the server, potentially leading to unauthorized access or further exploitation. |
| Source | https://note.zhaoj.in/share/X1ASzPP5rHel |
| User | glzjin (UID 59815) |
| Submission | 01/29/2024 12:07 (2 years ago) |
| Moderation | 01/29/2024 15:10 (3 hours later) |
| Status | Accepted |
| VulDB entry | 252311 [openBI up to 1.0.8 Icon Screen.php uploadIcon unrestricted upload] |
| Points | 20 |