Submit #388363: dedebiz.com DedeBIZ v6.3.0 FileUploadinfo

Title	dedebiz.com DedeBIZ v6.3.0 FileUpload
Description	An attacker can modify the settings on the admin configuration page to allow the upload of images with the .phtml extension. Then, they can upload a malicious .phtml file through the "/admin/dialog/select_images_post.php" page.
Source	⚠️ https://github.com/DeepMountains/Mirage/blob/main/CVE17-4.md
User	Dee.Mirage (UID 71702)
Submission	08/09/2024 05:38 (2 years ago)
Moderation	08/17/2024 19:06 (9 days later)
Status	Accepted
VulDB entry	275032 [DedeBIZ 6.3.0 Attachment Settings select_images_post.php get_mime_type Upload unrestricted upload]
Points	17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!