提交 #255512: DedeBIZ DedeBIZ <=6.2.12 file upload信息

标题DedeBIZ DedeBIZ <=6.2.12 file upload
描述When logging into the backend as an administrator, we can upload files in the attachment management section. Here, we can upload files, and the backend likely detects whether the uploaded file is an image based on its file signature. However, this means we can upload arbitrary PHP files, potentially leading to command execution.
来源⚠️ https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20file%20upload/README.md
用户
 JTZ- (UID 59232)
提交2023-12-20 06時25分 (3 年前)
管理2023-12-29 23時20分 (10 days later)
状态已接受
VulDB条目249368 [Muyun DedeBIZ 直到 6.2.12 Add Attachment 权限提升]
积分18

Interested in the pricing of exploits?

See the underground prices here!