CVE-2020-20210: Bludit v3.9.2 Code Execution Vulnerability in "Images Upload" · Issue #1079 · bludit/bludit
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
A Code Execution Vulnerability in Bludit v3.9.2

There is a code execution vulnerability that allows an attacker to gain server permissions. The vulnerable URL is /admin/ajax/upload-images.

1. Log in with any account that is allowed to edit content.
2. Click the Images button to upload a picture.
3. Change the name and content of the file, then upload it; also upload a .htaccess file. The files will now be under the TMP folder.
4. Visit the uploaded PHP file: http://127.0.0.1/bludit-3-9-2/bl-content/tmp/shell.php
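The root cause is that the upload handler trusts the client-supplied file name and content. As an added example (not part of this report or of Bludit's code), the Python below shows the server-side check that was missing, rejecting dotfiles such as .htaccess, non-image extensions, double extensions and content whose leading bytes do not match the claimed image format, and uses it to audit a directory such as bl-content/tmp; the directory contents are constructed samples.

```python
"""Validate image uploads by their bytes, not their name, and audit an
upload directory (e.g. bl-content/tmp) for files that would fail."""
import os
import tempfile

# Allow-listed extensions and the leading bytes each format must carry.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def upload_is_safe(filename: str, content: bytes) -> bool:
    """Accept only a plain name with one allow-listed image extension whose
    content starts with that format's signature and carries no PHP tag."""
    base = os.path.basename(filename)
    if not base or base.startswith(".") or base.count(".") != 1:
        return False  # .htaccess, no extension, or x.php.png style names
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in MAGIC or not content.startswith(MAGIC[ext]):
        return False  # shell.php, or an image name over non-image bytes
    if b"<?php" in content or b"<?=" in content:
        return False  # polyglot: valid image header followed by PHP
    return True

def audit_directory(path: str) -> list:
    """Return the names of files in `path` that fail upload_is_safe."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                data = fh.read()
            if not upload_is_safe(name, data):
                findings.append(name)
    return findings

def demo() -> list:
    """Constructed tmp directory: one real PNG plus three files an
    upload handler must reject (placeholder contents, no payload)."""
    d = tempfile.mkdtemp()
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "shell.php": b"<?php // constructed placeholder",
        ".htaccess": b"# constructed placeholder",
        "logo.jpg": b"\xff\xd8\xff\xe0" + b"<?php // placeholder",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return audit_directory(d)  # -> ['.htaccess', 'logo.jpg', 'shell.php']
```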
PHP version: PHP 7.3.2