Arbitrary file read & RCE vulnerability in "catchImage" #19

Closed
gml-sec opened this issue Feb 6, 2021 · 1 comment

Comments


gml-sec commented Feb 6, 2021

Description

There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution.

Impact Version

lightcms latest version (v1.3.5)

Steps to Reproduce

Arbitrary File Reading

[screenshots of the arbitrary file read not preserved]

Remote Code Execution

Place the PHP file you want executed on your own server, and download it:
[screenshots of the remote code execution not preserved]
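A hardened version of the download step, added here as an example and not LightCMS's own code: it assumes the original handler passed the submitted URL straight to a file-reading call and stored the result under the remote file's name and extension, and it shows the checks that close both findings (scheme allowlist, type detection from the bytes, server-chosen filename). Function and directory names are illustrative.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement for an unfiltered "catch image" download.
function fetchRemoteImage(string $url, string $storageDir): string
{
    // 1. Only http(s). Rejecting every other scheme blocks file://, php:// and
    //    similar wrappers, which is how a "download" turns into a local file read.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        throw new InvalidArgumentException('Only http/https URLs are allowed');
    }

    // 2. Fetch with cURL; redirects may not switch to another scheme either.
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER  => true,
        CURLOPT_FOLLOWLOCATION  => true,
        CURLOPT_MAXREDIRS       => 3,
        CURLOPT_PROTOCOLS       => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_TIMEOUT         => 10,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if (!is_string($body) || $status !== 200 || strlen($body) > 5 * 1024 * 1024) {
        throw new RuntimeException('Download failed or exceeds size limit');
    }

    // 3. Decide the type from the bytes, never from the URL or the Content-Type
    //    header, and map it to an extension we control.
    $allowed = [
        IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png',
        IMAGETYPE_GIF  => 'gif', IMAGETYPE_WEBP => 'webp',
    ];
    $info = getimagesizefromstring($body);
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('Downloaded content is not an allowed image');
    }

    // 4. Random server-chosen name plus the detected extension: a remote "x.php"
    //    can never be written into the web root as an executable file.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $path = rtrim($storageDir, '/') . '/' . $name;
    if (file_put_contents($path, $body) === false) {
        throw new RuntimeException('Could not store image');
    }
    return $path;
}
```

The scheme allowlist only addresses local file access; it does not by itself prevent the server from being pointed at internal hosts, which needs a separate host/address check.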

eddy8 added a commit that referenced this issue Feb 7, 2021
@eddy8 eddy8 closed this as completed Feb 7, 2021

eddy8 commented Feb 7, 2021

thanks
