| Title | Bdtask News365 – PHP Newspaper Script Magazine Blog with Video Newspaper 7.0.3 Unrestricted File Upload |
|---|---|
| Description | An Unrestricted File Upload vulnerability exists in the admin panel's profile management section of News365 version 7.0.3. The file upload functionality for the 'profile_image' and 'banner_image' parameters fails to properly validate file extensions or content types. This allows an authenticated administrator to upload a malicious script, such as a PHP web shell, to a web-accessible directory. An attacker can then execute the uploaded file by navigating to its direct URL, leading to Remote Code Execution (RCE) and full server compromise. |
| Source | https://github.com/4m3rr0r/PoCVulDb/issues/5 |
| User | 4m3rr0r (UID 85795) |
| Submission | 10/29/2025 16:34 (8 months ago) |
| Moderation | 11/14/2025 13:59 (16 days later) |
| Status | Accepted |
| VulDB entry | 332473 [Bdtask/CodeCanyon News365 up to 7.0.3 /admin/dashboard/profile profile_image/banner_image unrestricted upload] |
| Points | 20 |