提交 #275593: OpenBi OpenBi <=1.0.8 Pre-Authentication Arbitrary File Creation信息

标题OpenBi OpenBi <=1.0.8 Pre-Authentication Arbitrary File Creation
描述The OpenBI software, specifically in file /application/index/controller/Screen.php, has a Pre-Authentication Arbitrary File Creation vulnerability. This flaw allows an attacker to create a zip file with arbitrary PHP code, which can be executed when accessed. This essentially leads to Remote Code Execution (RCE). The vulnerability has been confirmed in versions up to and including 1.0.8.
来源⚠️ https://note.zhaoj.in/share/Liu1nbjddxu4
用户
 glzjin (UID 59815)
提交2024-01-31 07時55分 (2 年前)
管理2024-01-31 14時10分 (6 hours later)
状态已接受
VulDB条目252475 [openBI 直到 1.0.8 Screen.php index fileurl 权限提升]
积分19

Want to stay up to date on a daily basis?

Enable the mail alert feature now!