| tiêu đề | Open source ERP inventory and sales system has file upload vulnerability |
|---|
| Mô tả | In application/controllers/basedata/inventory. php, the uploadImages function of ERP controls the file upload. When uploading the file, no verification is performed on the uploaded file, which results in the normal parsing of the uploaded PHP script file. The uploaded PHP file is saved in the path/data/upfile/tools/. Use the webshell tool to connect the uploaded PHP file, and then you can get the shell |
|---|
| Nguồn | ⚠️ https://github.com/jerryhanjj/ERP/issues/3 |
|---|
| Người dùng | ace. (UID 34853) |
|---|
| Đệ trình | 08/11/2022 13:46 (cách đây 4 những năm) |
|---|
| Kiểm duyệt | 11/11/2022 08:34 (3 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 213451 [jerryhanjj ERP Commodity Management inventory.php uploadImages nâng cao đặc quyền] |
|---|
| điểm | 19 |
|---|