fix: catchImage #19
4e692e2
b52d0aa
20a5b11
thanks
Description
There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution.
Impact Version
lightcms latest version (v1.3.5)
Steps to Reproduce
Arbitrary File Reading
Remote Code Execution
Place the PHP file that you want to execute on your own server, and download it:
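
The kind of filtering the report says is missing, as an added example (not part of the original issue and not lightcms's own code or its fix). The function names, the allowlist and the sample inputs are hypothetical, and it assumes the file read comes from non-HTTP URLs and the code execution from saving a downloaded file under a script extension:

```php
<?php
// Added example: hypothetical helpers, not taken from lightcms.
// Detected MIME type => extension used for the stored file.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

// Accept only absolute http(s) URLs, so local paths and stream
// wrappers (file://, php://, ...) never reach the download call.
function isFetchableImageUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Derive the stored name from the bytes received, never from the URL.
// Returns null when the body is not an allowed image type.
function safeImageName(string $body): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed sample inputs: URL => response body that would be returned.
$samples = [
    'file:///etc/passwd'             => '',
    'https://example.test/shell.php' => "<?php echo 'x';",
    'https://example.test/logo.gif'  => "GIF89a\x01\x00\x01\x00\x00\x00\x00",
];

foreach ($samples as $url => $body) {
    $name = isFetchableImageUrl($url) ? safeImageName($body) : null;
    printf("%-32s %s\n", $url, $name ?? 'rejected');
}
```

Because the extension is taken from the detected content type and the name is random, a response that is really PHP is rejected, and a file that passes is never stored under a script extension; the upload directory should still be configured so the web server does not execute anything in it.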
