Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the ReplaceBadFilenameChars function in include/ItemAdder.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
kwalbum 输入验证漏洞
Vulnerability Description
Kwalbum 2.0.4版本, 2.0.2版本, 及其早期版本中存在无限制文件上传漏洞,当 PICS_PATH在网根中定位时,远程验证用户通过上传一个具有可执行扩展名的文件并通过向items/的文件提交一个直接的请求来访问该文件,以执行任意代码。它与include/ItemAdder.php中的ReplaceBadFilenameChars函数相关。
CVSS Information
N/A
Vulnerability Type
N/A