| Title | flute-cms.com Web-based CMS for server games written on PHP v0.2.2.4-alpha File Upload |
|---|
| Description | By registering an account and logging in, you can upload PHP files on the avatar upload page, but it requires modifying the header information of the PHP file to bypass detection.
Register a user and log in, modify the user avatar, upload a PHP file, and add the header GIF89a.
Source code:https://github.com/Flute-CMS/cms/releases
|
|---|
| Source | ⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE5-1.md |
|---|
| User | Dee.Mirage (UID 71702) |
|---|
| Submission | 07/16/2024 07:21 (2 years ago) |
|---|
| Moderation | 07/20/2024 12:06 (4 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 272067 [Flute CMS 0.2.2.4-alpha Avatar Upload Page ImagesController.php unrestricted upload] |
|---|
| Points | 18 |
|---|