ha1yuYiqiyinHangzhouTechn0logy changed the title from "Fastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writing." to "Fastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writing. And gain server privileges;" on Feb 23, 2023
Fastcms system has a zip package directory traversal vulnerability that allows for arbitrary file writing and gaining server privileges;
/fastcms/admin/template/install
This interface has a zip package directory traversal vulnerability that allows for arbitrary file writing.
com/fastcms/cms/controller/admin/TemplateController.java

The install method of DefaultTemplateService invoked the unzip method of FileUtils.
com/fastcms/core/template/DefaultTemplateService.java

The unzip method of FileUtils does not perform any logical checks on the zip package being decompressed.
com/fastcms/common/utils/FileUtils.java

Create a zip package;

Upload the zip package;

Successfully logged in to ssh, successfully wrote the public key to the root/.ssh/authorized_keys file.
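
A hardened extraction routine for the kind of unzip helper described above, as an added example that is not Fastcms code: the class `SafeUnzip` and its method names are hypothetical. It rejects any entry whose normalized path falls outside the target directory before anything is written.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;

// Added example: SafeUnzip and its method names are hypothetical, not Fastcms code.
public final class SafeUnzip {
    /** Extracts zipStream into destDir, rejecting entries that resolve outside destDir. */
    public static void unzip(InputStream zipStream, Path destDir) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        Files.createDirectories(root);
        try (ZipInputStream zis = new ZipInputStream(zipStream)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                Path target = resolveInside(root, entry.getName()); // check before any write
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
    }

    /** Resolves an entry name against root; throws if the result escapes root. */
    static Path resolveInside(Path root, String entryName) throws IOException {
        // normalize() collapses ".." segments; Path.startsWith compares whole path
        // components, so a sibling such as "<root>-other" does not pass as a child.
        Path target = root.resolve(entryName).normalize();
        if (!target.startsWith(root)) {
            throw new IOException("Zip entry escapes target directory: " + entryName);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("templates"); // constructed sample directory
        System.out.println(resolveInside(root, "theme/index.html")); // constructed name
        try {
            resolveInside(root, "../outside.txt"); // constructed traversal-style name
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check assumes the target directory contains no symbolic links controlled by the uploader; absolute entry names are rejected as well, because `resolve` returns them unchanged and they fail the `startsWith` test.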
