Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
W-Agora 多个未限制文件上传漏洞
Vulnerability Description
w-Agora (Web-Agora)中存在未限制文件上传漏洞。远程攻击者可以(1)借助带有附件的储存在forums/hello/hello/notes/文件下的forum信息或(2)使用browse_avatar.php上传包含双扩展名的文件,比如.php.jpg,来上传和执行任意的PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A