CVE-2023-1398: Vulnerability:found a upload vuln · Issue #I6IIYV · XiaoBingBy/TeaCMS - Gitee.com
A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '…/filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.
Vulnerability:found a upload vuln
To do
Redeem_Hu
Created on
2023-02-28 19:40
risky path: /admin/upload
risky function: me.teacms.controller.common.UploadImgController#upload
Because there is no security function that checks the file suffix, users can upload any file, or even upload it to other working directories,
like uploading “test.jsp” or “…/…/…/…/test.jsp” to traverse directories.
Comments (0)
Redeem_Hu created the task
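The two gaps the report names (no file-suffix check, and a client-controlled name that can leave the upload directory) can be closed where the storage path is chosen. The following is an added example, not TeaCMS code: the class `SafeUploadPath`, its `resolve` method, the extension allowlist and the `uploads` directory are all assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.Set;
import java.util.UUID;

/** Hypothetical helper (not TeaCMS code): decides where an uploaded image may be stored. */
public final class SafeUploadPath {
    // Assumed allowlist for an image upload endpoint.
    private static final Set<String> ALLOWED = Set.of("png", "jpg", "jpeg", "gif");

    /** Returns a server-chosen path inside uploadDir, or throws if the name is not acceptable. */
    public static Path resolve(Path uploadDir, String clientName) throws IOException {
        if (clientName == null || clientName.indexOf('\0') >= 0) {
            throw new IOException("invalid file name");
        }
        // Keep only the last path segment, whichever separator the client used.
        String leaf = clientName.substring(
                Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\')) + 1);
        int dot = leaf.lastIndexOf('.');
        String ext = dot < 0 ? "" : leaf.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(ext)) {
            throw new IOException("extension not allowed: " + ext);
        }
        // Never reuse the client's name on disk: generate one server-side.
        Path base = uploadDir.toAbsolutePath().normalize();
        Path target = base.resolve(UUID.randomUUID() + "." + ext).normalize();
        // Defence in depth: the final path must still sit under the upload directory.
        if (!target.startsWith(base)) {
            throw new IOException("path escapes upload directory");
        }
        return target;
    }

    public static void main(String[] args) {
        Path dir = Paths.get("uploads"); // constructed sample directory
        // Constructed sample names; the .jsp and traversal forms mirror the report's examples.
        for (String name : new String[] {"cat.PNG", "test.jsp", "../../../../test.jsp", "a/b\\c.gif"}) {
            try {
                System.out.println(name + " -> " + resolve(dir, name));
            } catch (IOException e) {
                System.out.println(name + " -> rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

An extension allowlist alone does not prove the content is an image; storing uploads outside any directory the servlet container executes from is a separate control worth pairing with this check.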