Skip to content

An issue was discovered in WTcms. there is an Backstage editor getshell Vulnerability #3

Open
@Assassins-white

Description

@Assassins-white

The attacker opens Setting - Mailbox configuration - Registration email template,upload the image through the editor, burbsuite capture the package and change the Suffix, you can upload any file.
1
2
3
4

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions