提交 #280599: TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation信息

标题TemmokuMVC TemmokuMVC <=2.3 Arbitrary File Creation
描述The TemmokuMVC system, version 2.3 and below, has an Arbitrary File Creation vulnerability in the images_get_down.php file. This vulnerability arises from the system parsing and downloading all image tags in an article to local storage, including URLs with a PHP suffix. An attacker can exploit this by starting a server that responds with PHP code disguised as an image, which gets saved on the server. The attacker can then brute force the filename to execute the arbitrary PHP code, leading to Remote Code Execution (RCE).
来源⚠️ https://note.zhaoj.in/share/OrBH8zLKUPOA
用户
 glzjin (UID 59815)
提交2024-02-11 16時15分 (2 年前)
管理2024-02-22 15時35分 (11 days later)
状态已接受
VulDB条目254532 [TemmokuMVC 直到 2.3 Image Download lib/images_get_down.php get_img_url/img_replace 权限提升]
积分20

Want to know what is going to be exploited?

We predict KEV entries!