CMSsite icon indicating copy to clipboard operation
CMSsite copied to clipboard

Published 20 hours ago verified publisher icon VictorAlagwu

profile.php arbitrary file upload vulnerability

Open byck01 opened this issue 6 years ago • 2 comments

  • 1.Profile.php does not evaluate the suffix at the upload file, causing any file upload vulnerability 2019-02-27 9 47 26

  • test.php

<?php
phpinfo();
?>
  • Upload test.php at user management; successfully execute code http://localhost/CMSsite-master/img/test.php 2019-02-27 9 51 21

byck01 avatar Feb 27 '19 13:02 byck01

Thanks for the review, kindly send a corresponding fix or PR to this issue.

VictorAlagwu avatar Feb 27 '19 14:02 VictorAlagwu

You should judge the uploaded file suffix before the move_uploaded_file function.

byck01 avatar Feb 28 '19 01:02 byck01