Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution
Vulnerability Description
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with a command parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
File Thingie 安全漏洞
Vulnerability Description
File Thingie是Frances Leese个人开发者的一个文件管理器。 File Thingie 2.5.7版本存在安全漏洞,该漏洞源于认证文件上传漏洞,可能导致执行任意系统命令。
CVSS Information
N/A
Vulnerability Type
N/A