
CVE-2023-3057: HuBenVulList/YFCMF-TP6-3.0.4 has a Remote Command Execution (RCE) vulnerability 2.md at main · HuBenLab/HuBenVulList

A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.

CVE
#vulnerability #git #php #rce #auth

Description

YFCMF-TP6-3.0.4 has a Remote Command Execution (RCE) vulnerability

Vendor Homepage

https://github.com/0377/yfcmf-tp6, https://www.iuok.cn/

Author

Proof of Concept

The problem is in the lang function of app/admin/controller/Ajax.php. Even when the framework's multilingual feature is not enabled, the function can be made to include a PHP file, which achieves RCE.

Analyzing the code: first, the controllername parameter is attacker-controllable; follow it into the loadlang function.

The if block in the code above is used to handle the path; the main logic is in the Lang::load function below.

Following further, the load function passes the arguments we supplied into the parse function for parsing.

The final step is the include of the PHP file we control.
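The root cause described above is a request parameter (controllername) that flows, without validation, into a file path that is later passed to include. The following is an added example, not code from YFCMF or ThinkPHP, of how a language-file loader can be hardened against this class of bug. The class name SafeLangLoader, the directory layout (one <controller>.php file per controller under a fixed language directory) and the sample inputs are all assumptions made for the demonstration.

```php
<?php
// Added example (not YFCMF or ThinkPHP code): a hardened language-file loader.
// Assumptions: language files live under one fixed base directory and are named
// <controller>.php; the controller name arrives from an untrusted request parameter.

final class SafeLangLoader
{
    private string $baseDir;

    public function __construct(string $baseDir)
    {
        $real = realpath($baseDir);
        if ($real === false) {
            throw new RuntimeException("language directory does not exist: $baseDir");
        }
        $this->baseDir = $real;
    }

    /**
     * Resolve the language file for a controller name, or return null if the
     * name is not acceptable. Two independent checks are applied:
     *  1. an allow-list pattern on the raw name (rejects '/', '\\', '..', NUL, '.' ...)
     *  2. a realpath containment check on the resolved file (catches symlinks)
     */
    public function resolve(string $controllerName): ?string
    {
        // 1. Allow-list: only lower-case letters, digits and underscore, 1..64 chars.
        //    The extension is appended by us, so a dot in the name is never legitimate.
        if (!preg_match('/\A[a-z0-9_]{1,64}\z/', $controllerName)) {
            return null;
        }
        $candidate = $this->baseDir . DIRECTORY_SEPARATOR . $controllerName . '.php';

        // 2. Containment: the resolved path must stay inside baseDir.
        $prefix = $this->baseDir . DIRECTORY_SEPARATOR;
        $real = realpath($candidate);
        if ($real === false || strncmp($real, $prefix, strlen($prefix)) !== 0) {
            return null;
        }
        return $real;
    }

    public function load(string $controllerName): array
    {
        $file = $this->resolve($controllerName);
        if ($file === null) {
            // Fail closed: never fall through to an include built from user-derived input.
            throw new InvalidArgumentException('invalid language file name');
        }
        $lang = include $file;   // language files are expected to return an array
        return is_array($lang) ? $lang : [];
    }
}

// Demonstration against constructed inputs in a throw-away temp directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'safe_lang_demo_' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'index.php', "<?php return ['hello' => 'Hello'];");

$loader = new SafeLangLoader($dir);
$samples = ['index', '../../etc/passwd', 'ajax/../index', "index\0.png", 'index.php', 'missing'];
foreach ($samples as $name) {
    $ok = $loader->resolve($name) !== null;
    printf("%-24s => %s\n", json_encode($name), $ok ? 'accepted' : 'rejected');
}
print_r($loader->load('index'));   // only the legitimate name reaches include

unlink($dir . DIRECTORY_SEPARATOR . 'index.php');
rmdir($dir);
```

The allow-list check is the primary control and is what a code review would look for at the point where controllername is read; the realpath containment check is defence in depth, so that a future change to the naming scheme (or a symlink dropped into the language directory) cannot silently reopen a path to arbitrary files. Detection-wise, a request whose controllername contains path separators, dot sequences or a NUL byte is a useful signal to log at the web tier, since no legitimate controller name ever needs them.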
