| 标题 | givanz Vvveb Vvveb 1.0.7.2 File Upload |
|---|
| 描述 | A critical file upload vulnerability in Vvveb CMS allows attackers to bypass security controls by appending special characters to file extensions (e.g., .svg/). This enables upload of malicious SVG+XML files containing JavaScript payloads. The vulnerability can be exploited through multiple attack vectors: direct admin access to uploaded files, iframe injection in posts/pages/products, or plugin code editor functionality. Successful exploitation allows attackers to execute XSS attacks that can create superadministrator accounts, upload and activate malicious plugins, and ultimately achieve remote code execution on the server. The attack chain demonstrates complete system compromise from initial file upload to reverse shell access. |
|---|
| 来源 | ⚠️ https://gist.github.com/KhanMarshaI/b90045ee823866a52f33615776b5a6ec |
|---|
| 用户 | KhanMarshal (UID 89610) |
|---|
| 提交 | 2025-09-17 12時11分 (7 月前) |
|---|
| 管理 | 2025-09-26 10時24分 (9 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 325965 [givanz Vvveb 直到 1.0.7.2 SVG File 跨网站脚本] |
|---|
| 积分 | 20 |
|---|