Closed gml-sec closed 3 years ago
thanks
Description
There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution.
Impact Version
lightcms latest version (v1.3.5)
Steps to Reproduce
Arbitrary File Reading
Remote Code Execution
Place the PHP file that you want to be executed on your own server, and download it:
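
Added example, not part of the original issue and not lightcms code: one way to apply the missing filtering to an external-image download. The function names and sample inputs are hypothetical, and it assumes the two impacts come from accepting non-HTTP URLs and from storing the remote file under an extension taken from the URL, which the issue does not show.

```php
<?php
declare(strict_types=1);

// Extensions come from this server-side map, never from the URL or remote filename.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

// Reject anything that is not plain http(s): file://, php:// and bare local
// paths are how an unfiltered fetch turns into arbitrary file reading.
function assert_fetchable_image_url(string $url): void
{
    $parts = parse_url($url);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        throw new InvalidArgumentException('only http(s) URLs with a host are accepted');
    }
}

// Pick the stored filename from the downloaded bytes. A body that is not a
// JPEG/PNG/GIF is refused, so a remote .php file is never written as .php.
function safe_image_filename(string $bytes): string
{
    $info = @getimagesizefromstring($bytes);
    $ext = $info === false ? null : (ALLOWED_IMAGE_TYPES[$info[2]] ?? null);
    if ($ext === null) {
        throw new UnexpectedValueException('downloaded content is not an allowed image type');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs (no network access is needed to run this file).
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = [
    ['https://img.example/logo.gif', $gif],
    ['file:///etc/hostname', $gif],
    ['https://img.example/page.php', "<?php echo 'not an image';"],
];
foreach ($samples as [$url, $body]) {
    try {
        assert_fetchable_image_url($url);
        echo $url, ' => stored as ', safe_image_filename($body), PHP_EOL;
    } catch (Exception $e) {
        echo $url, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

If the download itself is done with cURL, the same scheme restriction should also cover redirects (`CURLOPT_PROTOCOLS` and `CURLOPT_REDIR_PROTOCOLS`), since the URL check above only sees the first URL.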