| 标题 | YiFang CMS 2.0.5 Unrestricted Upload |
|---|
| 描述 | The core code of the app/utils/base/plugin/P_file.php vulnerability is located in the mergeMultipartUpload() method in the above file. The uploaded file name is determined by the suffixes in md5value and name. Both of these are controllable, resulting in any file upload. |
|---|
| 来源 | ⚠️ https://github.com/August829/Yu/blob/main/20250811_3.md |
|---|
| 用户 | Yu Bao (UID 88956) |
|---|
| 提交 | 2025-08-12 15時46分 (11 月前) |
|---|
| 管理 | 2025-08-24 16時47分 (12 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 321236 [YiFang CMS 直到 2.0.5 P_file.php mergeMultipartUpload 文件 权限提升] |
|---|
| 积分 | 18 |
|---|