| Title | https://github.com/zorlan/skycaiji skycaiji 2.9 RCE |
|---|
| Description | In the fileAction method of zorlan skycaiji v2.9 in vendor/skycaiji/app/admin/controller/Tool.php, there is a file_put_contents function that can modify files in the data directory and complete remote code execution by modifying data/config.php |
|---|
| Source | ⚠️ https://github.com/sheratan4/cve/issues/5 |
|---|
| User | sheratan (UID 71236) |
|---|
| Submission | 02/17/2025 05:59 PM (1 Year ago) |
|---|
| Moderation | 02/28/2025 06:09 PM (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 298012 [Zorlan SkyCaiji 2.9 Tool.php fileAction save_data unrestricted upload] |
|---|
| Points | 17 |
|---|