Submit #848624: Beijing Star-Net Ruijie Network Technology Co., Ltd. RG-UAC V1.0-R1.8.2.p5 CWE-434 (Unrestricted Upload of File with Dangerous Type) (info)

Title: Beijing Star-Net Ruijie Network Technology Co., Ltd. RG-UAC V1.0-R1.8.2.p5 CWE-434 (Unrestricted Upload of File with Dangerous Type)
Description: A critical vulnerability exists in the user_auth_commit.php interface of the Ruijie RG-UAC Unified Internet Behavior Management and Audit System. The system fails to properly validate and sanitize user-controlled input during the image upload process. An attacker can exploit this by uploading a malicious web shell (e.g., a PHP file) via the upload_image parameter. Successful exploitation allows an unauthenticated remote attacker to bypass access controls, execute arbitrary system commands on the server, and fully compromise the confidentiality, integrity, and availability of the system. Furthermore, system credentials can be obtained through unprotected front-end source code or default passwords, making it trivial to log in and leverage the upload vulnerability.
Source: ⚠️ https://ucn9h68n9289.feishu.cn/wiki/OiAKwH3hRi3oVpkQyeycjjPrnL8?fromScene=spaceOverview
User: bigbrother_man (UID 96003)
Submission: 05/06/2026 04:14 (30 days ago)
Moderation: 04/07/2026 11:00 (29 days later)
Status: Accepted
VulDB Entry: 376318 [Ruijie RG-UAC up to 1.0-R1.8.2.p5 user_auth_commit.php upload_image privilege escalation]
Points: 20
