File upload vulnerability in Nucleus CMS v3.71

[Gsuhy-L]

Description: I found a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without. Htaccess file. Upload an. Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, we can upload a picture with shell, treat it as PHP, execute our commands, so as to take down the whole website Resources and permissions for.

Because I don't know why my picture can't be uploaded, so I wrote the detailed utilization process in this page, hope you can see it
https://shimo.im/docs/Ch9CphJt8XwTvQ3d

I would like to submit this vulnerability to CVE mitre. I hope you can fix this vulnerability as soon as possible

Looking forward to your response.

[faisalfs10x]

is it fixed? or this project is dead?

[yama]

@faisalfs10x
ok, I'll fix it later.