Submission #293104: Gacjie Servers Data Management System <=1.0 Arbitrary File Upload Information

Title: Gacjie Servers Data Management System <=1.0 Arbitrary File Upload
Description: The Servers Data Management System, specifically in its version 1.0 or below, has been identified to contain an Arbitrary File Upload vulnerability within its /app/admin/controller/Upload.php file. This vulnerability stems from the index function's failure to implement adequate file validation mechanisms, thereby allowing attackers to upload malicious PHP files without any restrictions. By exploiting this flaw, an attacker can upload a PHP script to the server via a crafted HTTP POST request to the endpoint /index.php/admin/Upload/index.html. Once uploaded, the attacker can execute arbitrary code by accessing the uploaded PHP file, potentially compromising the server or its data. This vulnerability was disclosed by the researcher glzjin, highlighting a significant security oversight in the application's file upload functionality.
Source: https://note.zhaoj.in/share/7kZiVRqSuiMx
User: glzjin (UID 59815)
Submitted: 2024-03-04 16:35 (2 years ago)
Moderated: 2024-03-12 16:16 (8 days later)
Status: Accepted
VulDB entry: 256503 [Gacjie Server up to 1.0 Upload.php index file privilege escalation]
Points: 20
