CVE-2023-3056: YFCMF-TP6-3.0.4 has a Remote Command Execution (RCE) vulnerability (HuBenLab/HuBenVulList)
A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: '…/filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.
YFCMF-TP6-3.0.4 has a Remote Command Execution (RCE) vulnerability

Description
YFCMF-TP6-3.0.4 has a Remote Command Execution (RCE) vulnerability
Vendor Homepage
https://github.com/0377/yfcmf-tp6, https://www.iuok.cn/
Author

Proof of Concept
This vulnerability is caused entirely by the ThinkPHP framework. YFCMF enables multi-language support by default, so an attacker can use pearcmd file inclusion to achieve RCE.
The path to the pearcmd file should be noted here.
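
For defenders reviewing web logs, the pattern described above (a traversal sequence or a pearcmd reference in a request parameter) can be searched for as follows. This is an added detection example, not code from the advisory, YFCMF or ThinkPHP; the log lines are constructed, and the parameter name `lang` and the path segment `example` are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not from the advisory). The parameter
# name "lang" and the path segment "example" are illustrative assumptions.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2023:10:00:01 +0000] "GET /index.php?lang=en-us HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jun/2023:10:00:07 +0000] "GET /index.php?lang=..%2F..%2Fexample%2Fpearcmd HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jun/2023:10:00:09 +0000] "GET /index.php?lang=%252e%252e%252fexample HTTP/1.1" 404 0',
    '198.51.100.2 - - [01/Jun/2023:10:01:00 +0000] "GET /static/app.js?v=3.0.4 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_line(line):
    """Return the reasons a logged request matches the described pattern."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    reasons = []
    query = urlsplit(match.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(value)
        if TRAVERSAL_RE.search(value):
            reasons.append(f"{name}: path traversal sequence")
        if "pearcmd" in value.lower():
            reasons.append(f"{name}: references pearcmd")
    return reasons


def scan(lines):
    """Map line index to reasons for every suspicious line."""
    hits = {}
    for index, line in enumerate(lines):
        reasons = inspect_line(line)
        if reasons:
            hits[index] = reasons
    return hits
```

This only inspects the query string; if the application also accepts the language from a cookie or header, those values need to be logged and checked the same way.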