Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GNUBoard文件扩展名绕过任意命令执行漏洞
Vulnerability Description
GNUBoard没有正确过滤用户上传的文件名,远程攻击者可以利用这个漏洞上传恶意脚本文件,以WEB进程权限执行。 gbupdate.php对每个上传文件进行大小写敏感检查,攻击者可以上传[attack].PHP.rar, [attack].pHp.rar之类的文件名而绕过检查机制,因此而以WEB进程权限执行文件中的任意命令。
CVSS Information
N/A
Vulnerability Type
N/A