| Title | YiFang YiFang CMS V2.0.0 Arbitrary File Upload |
|---|
| Description | YiFang CMS has a arbitrary file upload vulnerability in the webUploader method of app/app/controller/File.php, where attackers can upload webshells to gain server privileges。
**You can download the product source code in https://gitee.com/wanglongcn/yifang.
You can download the product source code in https://gitee.com/wanglongcn/yifang.
You can download the product source code in https://gitee.com/wanglongcn/yifang.**
|
|---|
| Source | ⚠️ https://github.com/electroN1chahaha/YifangCMS-V2.0.0-Remote-Code-Execution-RCE-/issues/1 |
|---|
| User | electroN1c (UID 85481) |
|---|
| Submission | 09/18/2025 08:15 (7 months ago) |
|---|
| Moderation | 09/28/2025 17:47 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 326213 [YiFang CMS up to 2.0.2 Backend File.php webUploader uploadpath unrestricted upload] |
|---|
| Points | 20 |
|---|