| tiêu đề | WMS has a file upload code execution vulnerability |
|---|
| Mô tả | In the process of uploading images, the front end directly transfers the uploaded images to the back end $upfile without filtering, and the back end does not detect the suffixes of the uploaded files. The strtolower() function names the uploaded files in lowercase and assigns values to the variable $exname. $exname then renames the uploaded files and stores them in the directory upimages and grants directory permissions. The naming rules for uploaded files are 1. jpg, 2. jpg, and so on, So the php file we uploaded is renamed as 1. php. At this time, we can execute any code |
|---|
| Nguồn | ⚠️ https://github.com/FeMiner/wms/issues/14 |
|---|
| Người dùng | ace. (UID 34853) |
|---|
| Đệ trình | 29/11/2022 15:59 (cách đây 4 những năm) |
|---|
| Kiểm duyệt | 03/12/2022 08:37 (4 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 214760 [FeMiner wms savenewproduct.php?flag=1 upfile nâng cao đặc quyền] |
|---|
| điểm | 20 |
|---|