PHP Code Execution Via Inject Malicious Code Or Create New Php File In Zip Theme #2374
Comments
Man. It's a fuc* theme that must contain PHP. The fix is simple: disable this upload function in the Theme manager, but there are users that use it.. // removed after discussion with Fred. Also, if you have access to administration, you can run PHP from multiple places..

Any script-in-admin-panel vulnerabilities caused by the Administrator itself are not covered. You might as well give him shell access to your server and claim the whole software is vulnerable.
Those involved in this had better promote PHPFusion's security features after this. If everything is handled like this, there will be no more headaches for all of us.

On Thu, 26 Aug 2021 at 3:53 PM, Róbert Kelčák wrote:
Closed #2374.
--
Regards,
Frederick Chan
Thanks for your reply, I feel happy because you considered my issue.
#KietNA From Inv1cta Team, HPT Cyber Security Center
Describe the bug
An attacker can abuse the theme upload function to insert malicious PHP code or a PHP file into a zip file and upload it to the server; the function will then extract that file to webroot/themes/[Theme Folder], where the attacker can access it and execute arbitrary code.
Version
PHPFusion version: PHPFusion 9.03.110
To Reproduce
Steps to reproduce the behavior:
Screenshots
The function extracted malicious zip file:
Execute code:
Additional context
It looks like CVE-2019-11631: https://www.exploit-db.com/exploits/46775
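The upload-and-extract path described in the report, as an added example that is not part of the original issue or of PHPFusion's own code: a small Python audit of a theme archive that computes where each entry would land under webroot/themes/ (the theme root and all archive contents, including the file names MyTheme/theme.php and MyTheme/images/shell.php, are constructed here for illustration), reports which entries are PHP files and which escape the theme directory through path traversal, and then applies an extraction policy. The policy has a toggle for PHP because, as the maintainers note above, a theme legitimately contains PHP; the traversal rejection is unconditional.

```python
import io
import posixpath
import zipfile

# Suffixes a typical PHP handler configuration treats as executable.
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".phar")


def build_sample_theme_zip() -> bytes:
    """Constructed sample archive standing in for an uploaded theme zip.

    All names and contents are illustrative; none come from the report.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MyTheme/theme.php", "<?php // legitimate theme entry point ?>")
        zf.writestr("MyTheme/styles.css", "body { margin: 0; }")
        # A PHP file hidden in a sub-directory of the theme (what the report describes).
        zf.writestr("MyTheme/images/shell.php", "<?php system($_GET['cmd']); ?>")
        # A zip-slip entry that would be written outside the themes directory.
        zf.writestr("MyTheme/../../config.php", "<?php // overwrites a file outside themes/ ?>")
    return buf.getvalue()


def _is_php(name: str) -> bool:
    return name.lower().endswith(PHP_SUFFIXES)


def audit_theme_zip(data: bytes, themes_root: str = "webroot/themes") -> dict:
    """Map every file entry to its destination path and flag PHP and traversal entries.

    themes_root is the directory the theme manager extracts into (assumed layout).
    """
    root = posixpath.normpath(themes_root)
    findings = {"php_entries": [], "traversal_entries": [], "destinations": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Resolve ".." components exactly as a naive extractor's filesystem would.
            dest = posixpath.normpath(posixpath.join(root, name))
            findings["destinations"][name] = dest
            if name.startswith("/") or not dest.startswith(root + "/"):
                findings["traversal_entries"].append(name)
            elif _is_php(name):
                findings["php_entries"].append(name)
    return findings


def select_entries(data: bytes, themes_root: str = "webroot/themes", allow_php: bool = True):
    """Return (accepted, rejected) entries under an extraction policy.

    Traversal entries are always rejected. PHP entries are rejected only when
    allow_php is False; a real theme manager needs allow_php=True, which is
    why the archive check alone cannot stop an administrator who uploads a
    theme containing a web shell.
    """
    findings = audit_theme_zip(data, themes_root)
    accepted, rejected = [], []
    for name, dest in findings["destinations"].items():
        if name in findings["traversal_entries"]:
            rejected.append((name, "path escapes themes root"))
        elif not allow_php and name in findings["php_entries"]:
            rejected.append((name, "PHP file not permitted by policy"))
        else:
            accepted.append((name, dest))
    return accepted, rejected


if __name__ == "__main__":
    sample = build_sample_theme_zip()
    report = audit_theme_zip(sample)
    print("PHP entries:", report["php_entries"])
    print("Traversal entries:", report["traversal_entries"])
    for policy in (True, False):
        accepted, rejected = select_entries(sample, allow_php=policy)
        print(f"allow_php={policy}: accept {len(accepted)}, reject {len(rejected)}")
```

Running it with allow_php=True accepts the three in-tree entries, including images/shell.php, and rejects only the traversal entry; with allow_php=False only styles.css survives. That contrast is the point of the thread: once PHP must be allowed in themes, the remaining control is who holds the administrator role that can upload them, not the archive scanner.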