CVE-2022-2420: webray.com.cn/URVE Web Manager uploader.php File upload vulnerability.md at main · joinia/webray.com.cn

A vulnerability was found in URVE Web Manager and has been rated as critical. It affects some unknown processing of the file _internal/uploader.php, and the manipulation leads to unrestricted upload. The attack must be launched from within the local network. The exploit has been disclosed to the public and may be used.


URVE Web Manager uploader.php has a file upload vulnerability, which can be exploited by attackers to gain system privileges.

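if(isset($_FILES['userfile']))
{
    // $uploaddir is defined outside this excerpt.
    // The client-supplied file name is concatenated into the destination path as-is;
    // the basename() call is commented out, and no extension or content check follows.
    $uploadfile = $uploaddir.'/'. $_FILES['userfile']['name'];//basename($_FILES['userfile']['name']);
    //echo '<pre>';
    //error_log(print_r($_FILES, true)."\n", 3, 'logs.txt');
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        //error_log(print_r($uploadfile, true)."\n", 3, 'logs.txt');
        // The stored file is made readable, writable and executable by every user.
        chmod($uploadfile, 0777);
       // echo "File is valid, and was successfully uploaded.\n";
    } else {
       // echo "Possible file upload attack!\n";
    }
}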
