CVE-2020-19028: emlogcms has any file upload vulnerability · Issue #1 · sincere-c/CVE
File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function.
In emlog6.0CMS, /admin/plugin.php provides a plug-in upload function: a plug-in is installed by uploading a zip archive.
Upload a zip file. The zip file name must be the same as the name of the unzipped file; here test.php is compressed to test.zip.
http://localhost/emlog6.0CMS/content/plugins/test/test.php
Access the URL with a POST request containing 1=phpinfo();. The response page is as follows, which proves that the Trojan upload was successful.
Use a kitchen knife to connect to http://localhost/emlog6.0CMS/content/plugins/test/test.php with a password of 1
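For defenders, the sequence described above (a POST to /admin/plugin.php followed by a direct request to a PHP file under /content/plugins/) can be hunted for in web server access logs. The following is an added example, not part of the original report or of emlog; the combined log format, the 10-minute window and the sample log lines are assumptions, and the lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in combined log format (not taken from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2020:10:01:02 +0000] "POST /emlog6.0CMS/admin/plugin.php HTTP/1.1" 302 0
203.0.113.7 - - [12/Mar/2020:10:01:09 +0000] "POST /emlog6.0CMS/content/plugins/test/test.php HTTP/1.1" 200 81234
198.51.100.4 - - [12/Mar/2020:10:05:00 +0000] "GET /emlog6.0CMS/content/plugins/tips/tips.css HTTP/1.1" 200 512
198.51.100.4 - - [12/Mar/2020:11:30:00 +0000] "POST /emlog6.0CMS/content/plugins/tips/tips.php HTTP/1.1" 200 40
"""

# client IP, timestamp, method, path, status
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# The plug-in upload endpoint named in the report.
UPLOAD = re.compile(r'/admin/plugin\.php(\?|$)')
# A PHP file requested directly inside an unpacked plug-in directory.
PLUGIN_PHP = re.compile(r'/content/plugins/([^/]+)/[^/?]+\.php(\?|$)')


def find_upload_then_exec(log_text, window=timedelta(minutes=10)):
    """Return (ip, path, delay) for each direct plug-in PHP request that
    follows a POST to /admin/plugin.php from the same client within `window`."""
    last_upload = {}  # client IP -> time of its most recent POST to plugin.php
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, ts, method, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "POST" and UPLOAD.search(path):
            last_upload[ip] = when
        elif PLUGIN_PHP.search(path) and status == "200":
            up = last_upload.get(ip)
            if up is not None and timedelta(0) <= when - up <= window:
                hits.append((ip, path, when - up))
    return hits


if __name__ == "__main__":
    for ip, path, delay in find_upload_then_exec(SAMPLE_LOG):
        print(f"{ip} requested {path} {delay.seconds}s after a plug-in upload")
```

A hit is a lead for review, not proof of compromise: an administrator testing a freshly installed plug-in produces the same pattern, so check the unpacked file's contents before escalating.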