| Title | MuYucms has Arbitrary code execution vulnerability |
|---|
| Description | we can construct packets after logging in and we will read the config file, and then we can Specify the remote url to download the file and save the downloaded file to the specified location. then we can access the specified file directory and find that the code was successfully executed.
|
|---|
| Source | ⚠️ https://github.com/MuYuCMS/MuYuCMS/issues/7 |
|---|
| User | kaga_cve (UID 41588) |
|---|
| Submission | 02/25/2023 07:39 (3 years ago) |
|---|
| Moderation | 02/26/2023 13:20 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 221805 [MuYuCMS 2.2 getFile.html url server-side request forgery] |
|---|
| Points | 20 |
|---|