
An Arbitrary File Upload Vulnerability in wcms/wex/finder/action.php

Open Ryan0lb opened this issue 6 years ago • 2 comments


Affected software: WCMS V0.3.2
Type of vulnerability: Arbitrary File Upload
Discovered by: Yu Yang

Use this upload feature in the developer/finder: [image] and we can upload an arbitrary file to the web server; it allows attackers to upload malicious code. [image]

POC (2.php): `<?php @eval($_POST[c]);?>` [image]

code: [image] [image]

I hope you can fix it.

Ryan0lb, Apr 03 '19 06:04

working on it!

vedees, Apr 29 '19 14:04

Hello. I have made some changes to the project structure. Now there is a public folder, where user files would be. In that folder I have added a .htaccess file that prevents execution of PHP code in the public folder. Maybe this is not an elegant fix, but it is quick and works well. I'm only starting this fork, so I will fix the next issues when I have free time. https://github.com/cryptoprof/wcms/tree/feature/securityFix

cryptoprof, Jul 27 '19 16:07
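As an added example (not wcms code and not from any commenter in this thread), a hardened image-upload handler that combines the two defences discussed above: checking that the uploaded bytes really are an allowed image type, and denying script execution in the public folder through a .htaccess file. The function names, the `ALLOWED` map and the directory layout are assumptions; the .htaccess directives assume Apache 2.4 with AllowOverride permitting them.

```php
<?php
// Added example: defence-in-depth for an image upload endpoint.
// Assumption: $uploadDir is the web-served "public" folder where user files land.

// Allowed extensions mapped to the MIME type the file content must actually have.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                 'png' => 'image/png',  'gif'  => 'image/gif'];

// Apache 2.4 directives: refuse to serve (and therefore execute) PHP-like files
// placed in the upload folder, whatever the upload validation missed.
const HTACCESS = "<FilesMatch \"\\.(php|phtml|phar|php[0-9])$\">\n"
               . "    Require all denied\n"
               . "</FilesMatch>\n";

// Write the deny rules once if the upload folder does not have them yet.
function ensureNoExecHtaccess(string $uploadDir): void {
    $path = rtrim($uploadDir, '/') . '/.htaccess';
    if (!is_file($path)) {
        file_put_contents($path, HTACCESS, LOCK_EX);
    }
}

// Validate one $_FILES entry and store it; returns the server-chosen file name
// or throws on any validation failure.
function storeImageUpload(array $file, string $uploadDir): string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or missing');
    }
    // Only the final extension of the client-supplied name counts, lower-cased.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // $file['type'] is client-supplied; sniff the bytes and parse the image instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('content does not match an allowed image type');
    }
    ensureNoExecHtaccess($uploadDir);
    // Random name chosen by the server: the original file name never reaches disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644); // readable, never executable
    return $name;
}
```

The .htaccess rule is a backstop only: the allowlist plus content sniffing is what stops a `2.php` upload in the first place, and on servers that ignore .htaccess the same deny rule belongs in the main Apache configuration.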