Open
Description
Vulnerability file: \functions.php
You can see that the file is uploaded directly without the verification file suffix.

Vulnerability to reproduce:
1、First log in to the backend of the website
2、Visit url: http://www.xxx.com/admin/index.php?mode=content&page=media&action=edit&file=de.gif&type=1 .
Then operate as shown below:

3、You can see that 1.php is successfully uploaded

4、Visit http://www.xxx.com/media/images/1.php and execute the code to get phpinfo information

Repair suggestion:
Set the upload whitelist and limit the suffixes of uploaded files to gif, jpg, and png
Metadata
Assignees
Labels
No labels