jbroadway / elefant

Elefant, the refreshingly simple PHP CMS and web framework.
http://www.elefantcms.com
MIT License

A PHP Code Execution Vulnerability in /designer/add/stylesheet.php at V2.0.5 #286

Closed liao10086 closed 5 years ago

liao10086 commented 5 years ago

I found a PHP code execution vulnerability in /designer/add/stylesheet.php at V2.0.5.

URL: http://192.168.10.12/designer/add/stylesheet

POC:

  1. In New Stylesheet Name, input a name with a PHP file extension, like test.php.
  2. In style, input your PHP code, like <?php phpinfo(); ?>, and you will see the PHP code execute, just like the picture.

Suggestion: The stylesheet should limit PHP code.

Author: xijun.liao@dbappsecurity.com.cn

jbroadway commented 5 years ago

Thanks for reporting this! I believe the issue is fixed in master now. I'll be making a new release tomorrow as well.
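
The kind of server-side check the report's suggestion points to, as an added example that is not part of this thread and is not Elefant's actual fix. The function names `safe_stylesheet_path` and `save_stylesheet` and the target directory are hypothetical; the inputs at the end are constructed from the values in the report.

```php
<?php
// Added example, not Elefant's code. Function names and the target
// directory are hypothetical.

// Return the path for a new stylesheet, or null if the name is rejected.
function safe_stylesheet_path(string $name, string $base_dir): ?string
{
    // Allowlist: one path component, no dots in the stem, and a mandatory
    // .css suffix. This rejects "test.php", "../x.css" and also
    // "test.php.css", which some Apache handler configurations still
    // treat as PHP.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.css\z/', $name)) {
        return null;
    }
    $base = realpath($base_dir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    return $base . DIRECTORY_SEPARATOR . $name;
}

function save_stylesheet(string $name, string $body, string $base_dir): bool
{
    $path = safe_stylesheet_path($name, $base_dir);
    if ($path === null) {
        return false;
    }
    // Defence in depth: a stylesheet has no need for a PHP open tag.
    if (strpos($body, '<?') !== false) {
        return false;
    }
    // Mode 'x' refuses to open an existing file, so an "add" request
    // cannot overwrite another file in the directory.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        return false;
    }
    $ok = fwrite($fh, $body) !== false;
    fclose($fh);
    return $ok;
}

// Constructed inputs, written to a throwaway temporary directory.
$dir = sys_get_temp_dir() . '/stylesheet_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
var_dump(save_stylesheet('test.php', '<?php phpinfo(); ?>', $dir)); // name from the report
var_dump(save_stylesheet('site.css', '<?php phpinfo(); ?>', $dir)); // body from the report
var_dump(save_stylesheet('site.css', 'body { margin: 0; }', $dir)); // plain CSS
```

Disabling script execution for the stylesheet directory in the web server configuration covers the case where a check like this is bypassed.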