| Title | OpenBi OpenBi <=1.0.8 Pre-authentication arbitrary file upload |
|---|
| Description | The OpenBi application, as of version 1.0.8, has a pre-authentication arbitrary file upload vulnerability in the Unity.php file. This vulnerability allows an attacker to upload a malicious file to the server, which can then be executed to potentially compromise the system. The file upload function, 'uploadIcon', does not properly validate the uploaded file, leading to this vulnerability. After successfully uploading a file, the attacker can access and execute it, which poses a significant security risk. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/hPSx8li8LFfJ |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/31/2024 03:08 (2 years ago) |
|---|
| Moderation | 01/31/2024 14:10 (11 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 252471 [openBI up to 1.0.8 Unity.php uploadUnity File unrestricted upload] |
|---|
| Points | 20 |
|---|