In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an Admin-Upload-Upload request.
References
Link | Resource |
---|---|
http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html | Exploit Third Party Advisory |
http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.atksec.com/cve/GxlcmsQY-v1.0.0713-upload-getshell/index.html - Exploit, Third Party Advisory |
Information
Published : 2018-04-07 21:29
Updated : 2024-11-21 04:15
NVD link : CVE-2018-9848
Mitre link : CVE-2018-9848
CVE.ORG link : CVE-2018-9848
JSON object : View
Products Affected
gxlcms
- gxlcms_qy
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')