I found a PHP code execution vulnerability in apps/filemanager/upload/drop.php at V2.0.5

Steps:

1. Delete /files/.htaccess
Use the delete file API to delete .htaccess:
POST /filemanager/api/rm/.htaccess
2. PHP file upload bypass
Use the Windows feature to add spaces after the file name.

POC:
delete .htaccess success
upload php file success
php code execution
Suggestion: use a whitelist.
Author: xijun.liao@dbappsecurity.com.cn
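
One way to implement the whitelist suggested in the report, as an added example that is not part of the original issue or the project's code. The function name `safe_upload_name` and the extension list are assumptions; the check normalises the trailing spaces and dots that Windows strips before comparing the extension, and stores the file under a server-generated name.

```php
<?php
declare(strict_types=1);

// Assumed allowlist for this example; the project's real set of
// permitted file types is not given in the report.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Hypothetical helper: returns a server-generated storage name for an
 * upload, or null if the client-supplied name is not acceptable.
 */
function safe_upload_name(string $clientName, array $allowed = ALLOWED_EXT): ?string
{
    // Drop any directory part, treating both path separators alike.
    $name = basename(str_replace('\\', '/', $clientName));

    // Windows silently strips trailing spaces and dots when it creates a
    // file, so the name must be normalised the same way before the
    // extension is inspected.
    $name = rtrim($name, " .\t\r\n\0");

    // Conservative character set; a leading dot is refused, which also
    // keeps uploads from replacing control files such as .htaccess.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
        return null;
    }

    // Allowlist comparison on the lower-cased final extension.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, $allowed, true)) {
        return null;
    }

    // Store under a random name so no client-chosen text reaches the disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs, not taken from the report's PoC.
foreach (['photo.JPG', 'shell.php ', 'shell.php.', '.htaccess', 'notes.txt  '] as $n) {
    printf("%-14s => %s\n", json_encode($n), safe_upload_name($n) ?? 'rejected');
}
```

The same dotfile rule belongs in the delete API from step 1, so that the protection on /files does not depend on a file any user can remove.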