Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zeroboard write_ok.php 任意文件上载漏洞
Vulnerability Description
Zeroboard 4.1 pl8中的write_ok.php在带有mod_mime的Apache上安装时,远程攻击者可以通过上传带有 AddType指令的.htaccess文件,绕过对带有可执行扩展名的文件的上传限制。该指令可将可执行模块指定到带有假装安全的扩展名的文件,比如将txt扩展名指定为由application/x-httpd-php进行处理。
CVSS Information
N/A
Vulnerability Type
N/A