漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/.
漏洞信息
N/A
漏洞
N/A
漏洞
Chyrp swfupload扩展upload_handler.php权限许可和访问控制漏洞
漏洞信息
Chyrp是一款开源的基于PHP和MySQL的轻量级博客(Blog)引擎。 Chyrp 2.0及早期版本的swfupload扩展中的upload_handler.php依赖客户端JavaScript代码限制上传文件的扩展。远程认证用户可借助对admin/下默认URI的write_post操作上传.php文件并执行任意PHP代码。
漏洞信息
N/A
漏洞
N/A