| Title | BiggiDroid Simple PHP CMS 1.0 Unrestricted Upload |
|---|
| Description | BiggiDroid Simple PHP CMS, a lightweight content management system built with PHP, contains a critical arbitrary file upload vulnerability in its editsite.php script. This vulnerability allows unauthenticated or improperly authenticated attackers to upload malicious files (e.g., PHP webshells) to the server, leading to remote code execution (RCE), server compromise, and unauthorized access to sensitive data. |
|---|
| Source | ⚠️ https://gitee.com/hdert/ck/issues/IDGO28 |
|---|
| User | k271266 (UID 93965) |
|---|
| Submission | 12/29/2025 17:03 (4 months ago) |
|---|
| Moderation | 01/09/2026 12:37 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 340273 [BiggiDroid Simple PHP CMS 1.0 /admin/editsite.php image unrestricted upload] |
|---|
| Points | 20 |
|---|