Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Stored XSS in class.upload.php
Vulnerability Description
As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
class.upload.php 跨站脚本漏洞
Vulnerability Description
class.upload.php是此类为您管理文件上传。 class.upload.php 存在跨站脚本漏洞,该漏洞源于不会对上传的文件进行深入检查,从而在使用默认配置时导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A