search

YLoiK / 74cmsSE-Arbitrary-file-upload-vulnerability

0 stars 0 forks source link

74cmsSE Arbitrary file upload vulnerability #1

Open YLoiK opened 2 years ago

YLoiK commented 2 years ago

Vulnerability Name: Arbitrary file upload vulnerability

Date of Discovery: 25/9/2022

Product version: 74cmsSEv3.13.0 DownloadLink : https://www.74cms.com/download/detail/92.html

Author: xxhzz

Vulnerability Description: Any file can be uploaded due to improper filtering

Prove: 74cmsSE v3.13.0 image Uploading PHP Files image Phpinfo was parsed and executed successfully image

Zoe0427 commented 2 years ago

老哥好,请问下你在装CMS的时候碰到后台登录窗口验证码不显示吗,如果碰到老哥你是咋解决的