| Title | Huankemao SCRM 0.0.3 Unrestricted Upload |
|---|---|
| Description | HuankeMao SCRM is a data-driven, finely operated service system based on Enterprise WeChat, helping businesses achieve intelligent, simple, friendly, and detailed customer operation management. There is an arbitrary file upload vulnerability in the backend of HuanKeMao SCRM 0.0.3. Attackers can exploit this vulnerability to upload backdoor files and gain server privileges. GitHub: https://github.com/huankemao/huankemao-php The vulnerability is located in the `upload_domain_verification_file` function of the `WxkConfig.php` file in the `app\admin\controller\v1` directory. |
| Source | https://wiki.shikangsi.com/post/share/96b7d919-1749-4e2b-bda2-b80d2fd23865 |
| User | wiki (UID 72124) |
| Submission | 09/18/2024 11:33 (2 years ago) |
| Moderation | 09/27/2024 07:36 (9 days later) |
| Status | Accepted |
| VulDB entry | 278660 [HuankeMao SCRM up to 0.0.3 Administrator Backend WxkConfig.php upload_domain_verification_file unrestricted upload] |
| Points | 20 |