The vulnerability lies in the update function of the upgradecontroller.php file.
In this function, the 'list' variable is spliced into the path without filtering, so any file can be copied under the '/backup/upgrade/' path, and then the file can be downloaded by directly accessing the file.
1. Log in to the /admin.php page.
2. Send a POST request to '/pbootcms/admin.php?p=/upgrade/update' in which the contents of 'list' point to the file to be downloaded.
3. Next, visit '\pbootcms\static\backup\extensions\nginx1.15.11\conf\nginx.conf' to download the file.
The filtering of 'list' is not strict.
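
One way to constrain a request-supplied file list before anything is copied, as an added example that is not PbootCMS's own code or its fix: each entry is canonicalised and must resolve to a file inside a staging directory. The function name `resolveListEntry`, the staging directory and the sample entries are assumptions constructed for illustration.

```php
<?php
// Added example, not PbootCMS code. Names and directories are assumptions.

/**
 * Resolve one user-supplied 'list' entry against $baseDir and return its
 * canonical path, or null if it escapes $baseDir or is not a regular file.
 */
function resolveListEntry(string $baseDir, string $entry): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $entry === '' || strpos($entry, "\0") !== false) {
        return null;
    }
    // Reject absolute paths outright (POSIX root, Windows drive letter, UNC).
    if (preg_match('#^([a-zA-Z]:|[\\\\/])#', $entry)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means no such file.
    $real = realpath($base . DIRECTORY_SEPARATOR . $entry);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // The trailing separator stops "/x/staging-old" from matching "/x/staging".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Constructed demo: a staging directory holding one legitimate update file,
// and a file outside it standing in for a server configuration file.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'list_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/staging/core', 0700, true);
mkdir($root . '/conf', 0700, true);
file_put_contents($root . '/staging/core/index.php', '<?php // constructed update file');
file_put_contents($root . '/conf/nginx.conf', '# constructed');

$entries = [
    'core/index.php',              // stays inside the staging directory
    '../conf/nginx.conf',          // climbs out with ".."
    'core/../../conf/nginx.conf',  // climbs out after a valid prefix
    $root . '/conf/nginx.conf',    // absolute path
];
foreach ($entries as $entry) {
    $resolved = resolveListEntry($root . '/staging', $entry);
    printf("%-50s %s\n", $entry, $resolved === null ? 'REJECTED' : 'accepted');
}
```

Only the first entry is accepted; the copy routine would then operate on the returned canonical path rather than on the raw request value.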