Last active
October 4, 2024 15:39
[CVE ID]
CVE-2024-37868
[PRODUCT]
Itsourcecode
[VERSION]
V1.0
[PROBLEM TYPE]
File Upload Vulnerability
[DESCRIPTION]
The file upload operation is triggered on line 12 of the "sendreply.php" file, and the uploaded file is received through the "$_FILES" variable. Because the input is not properly validated or sanitized, a remote attacker needs only a regular user login to pass a malicious payload through this file upload function, resulting in unrestricted file upload, which may further lead to remote code execution (RCE).
[DISCOVERER]
zhongguangyuan, limanshu, shijiahao at Guangzhou University
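
[ADDED EXAMPLE]
A hardened way to receive a file from "$_FILES", shown as an added example; it is not code from sendreply.php or from the product. The form field name "attachment", the storage directory, the size limit and the type allowlist are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical values: storage path, size limit and allowlist are assumptions.
const UPLOAD_DIR = '/var/app-data/uploads';   // outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [                          // detected MIME type => stored extension
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];

/**
 * Validate one $_FILES entry and move it into UPLOAD_DIR.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_upload(array $file): string
{
    // Reject multi-file arrays and any upload error reported by PHP.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Measure the size on disk instead of trusting the client-reported size.
    if (!is_uploaded_file($file['tmp_name']) || filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('not an uploaded file or too large');
    }
    // Derive the type from the content, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-generated name: the original name and extension are never used.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . '/' . $name, 0640);    // readable, never executable
    return $name;
}

// Usage inside the request handler, after the login check ("attachment" is assumed).
if (isset($_FILES['attachment'])) {
    try {
        $stored = store_upload($_FILES['attachment']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        exit('Upload rejected');
    }
}
```

The content-type check alone does not stop a file that is both a valid image and a script; the server-chosen extension and the storage location outside the web root are what keep an uploaded file from being executed.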