Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2018-8965: vulnerability/ppsave.php.md at master · Ni9htMar3/vulnerability

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVE
#vulnerability#web#php#ruby

title

tags

grammar_cjkRuby

ppsave.php

bug

true

/user/ppsave.php****Edition :

zzcms 8.2

Location

/user/ppsave.php

Code:

if ($oldimg<>$img && $oldimg<>"image/nopic.gif") { //deloldimg $f=$oldimg; if (file_exists($f)){ unlink($f);
} $fs=str_replace(".","_small.",$oldimg); if (file_exists($fs)){ unlink($fs);
}

Rows : 68****Harm

Allows attackers to delete files arbitrarily

Cause the cause

First analyze the code, the first condition is action=modify

There is no other previous condition, just can directly control oldimg

poc

An attacker can use this vulnerability to delete any file, such as deleting install.lock for CMS reinstall and hijacking the website database.

Solution

Can be filtered through the input of control parameters, strictly control the type of parameters, suffixes

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907