CVE-2020-19786: There is an arbitrary file upload vulnerability · Issue #20 · cskaza/cszcms
File upload vulnerability in CSKaza CSZ CMS v.1.2.2, fixed in v1.2.4, allows an attacker to execute arbitrary commands and code via a crafted PHP file.
Closed
Bla1n opened this issue
Jul 14, 2019
· 2 comments
Comments
Any file can be uploaded in the backend of your website, so you can upload PHP files; if the administrator password is leaked, a file uploaded through here can directly get a shell and take over the web.
example:
I think you should limit the type of file you upload
If the administrator password is leaked, it's user error.
And in this section, I want to use it like a file manager.
I can edit/upload and replace the PHP file without FTP.
If you have another idea for doing this, please let me know.
Fixed already on 1.2.4
Thanks.
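One way to apply the reporter's suggestion of limiting uploadable file types, written as an added example: it is not CSZ CMS code and not the 1.2.4 fix. The function name `safe_upload_name`, the allowlist contents and the availability of the `fileinfo` extension are assumptions.

```php
<?php
// Added example (hypothetical helper, not CSZ CMS code). Requires PHP 7.1+ and ext-fileinfo.
// Assumed policy: extension => MIME types that finfo may report for that extension.
const ALLOWED_UPLOADS = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

/**
 * Returns a server-chosen file name for an accepted upload, or null if it is rejected.
 * $clientName is the browser-supplied name, $tmpPath the temporary file on disk.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Strip any directory part, whichever separator the client used.
    $base = basename(str_replace('\\', '/', $clientName));
    // Reject empty names, NUL bytes and dot-files such as .htaccess or .user.ini.
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false) {
        return null;
    }
    // Only the final extension counts, and it must be on the allowlist.
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_UPLOADS[$ext])) {
        return null;
    }
    // The detected content type must agree with the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !in_array($mime, ALLOWED_UPLOADS[$ext], true)) {
        return null;
    }
    // Random stored name: the client never controls it, so an inner ".php" segment is discarded.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo input: PHP source submitted under two different client names.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'x'; ?>");
var_dump(safe_upload_name('shell.php', $tmp));  // extension is not on the allowlist
var_dump(safe_upload_name('avatar.png', $tmp)); // content does not match the extension
unlink($tmp);
```

A content check cannot rule out a valid image that also embeds PHP, so the upload directory should additionally be served with script execution disabled.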
2 participants