Closed Le0nsec closed 2 years ago
Because index.php includes a file using a concatenated, unfiltered, user-controllable parameter, path traversal can be used to include PHP's native pearcmd.php, which allows writing a malicious file and getting a shell.
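This vulnerability is high risk, so I edited the vulnerability details you submitted; please understand. Thank you for your feedback. The vulnerability has been fixed in 0.9.15.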
I applied for a CVE with the number CVE-2022-26276.
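An added example (not the project's code and not its 0.9.15 fix) showing one way to close the class of bug reported here: the include target is resolved from a strictly validated name and confined to a single directory. The `page` parameter, `PAGE_DIR` and `resolve_page()` are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable templates live in ./pages next to this script.
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map a user-supplied page name to a file inside $baseDir, or null if rejected.
 */
function resolve_page(string $name, string $baseDir = PAGE_DIR): ?string
{
    // 1. Strict name format: slashes, dots, NUL bytes and wrappers cannot pass.
    if (preg_match('/\A[a-z0-9_-]{1,64}\z/i', $name) !== 1) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() returns false when the target is missing.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the resolved file must still sit under the base directory,
    //    which also catches symlinks that point somewhere else.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Shape of the flaw described in the report (hypothetical, shown only as a comment):
//   include $someDir . $_GET['page'];   // "../" sequences can reach files such as pearcmd.php

$requested = $_GET['page'] ?? 'home';
$page = is_string($requested) ? resolve_page($requested) : null;

if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
include $page;
```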