| Title | SyCms 1.0 Unrestricted Upload |
|---|
| Description | The file upload/save functionality in the SyCms content management system's administrative panel lacks necessary security validation when processing user-provided parameters. Authenticated administrative users can construct specific requests to cause the system to write files with arbitrary content to arbitrary paths on the server. Attackers can then write malicious code to paths within the web directory that have script execution privileges, leading to remote code execution (RCE). |
|---|
| Source | ⚠️ https://gitee.com/shanyu/SyCms/issues/IDCEWG |
|---|
| User | formanagain (UID 93347) |
|---|
| Submission | 12/11/2025 09:48 (4 months ago) |
|---|
| Moderation | 12/27/2025 10:18 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 338508 [shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921 Administrative Panel FileManageController.class.php addPost code injection] |
|---|
| Points | 20 |
|---|