| Title | Company Website CMS Dashboard Exists Arbitrary File Upload |
|---|
| Description | Company Website CMS Dashboard Exists Arbitrary File Upload
Each file upload page in the background allows arbitrary file uploads. After the attacker enters the background, he can upload a webshell to control the server.
Arbitrary file upload vulnerability exists in the following access paths:
/dashboard/createblog
/dashboard/createservice
/dashboard/createportfolio
/dashboard/createslide
/dashboard/newtestimony
/dashboard/logo |
|---|
| Source | ⚠️ https://github.com/Jamison2022/Company-Website-CMS/blob/main/Company%20Website%20CMS-FileUpload.md |
|---|
| User | Jamison (UID 30712) |
|---|
| Submission | 08/06/2022 13:58 (4 years ago) |
|---|
| Moderation | 08/06/2022 18:59 (5 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 205817 [SourceCodester Company Website CMS unrestricted upload] |
|---|
| Points | 20 |
|---|