漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
xbtitFM 4.1.18 Insecure File Upload in file_hosting Feature
Vulnerability Description
xbtitFM 4.1.18 contains an insecure file upload vulnerability that allows authenticated attackers with administrative privileges to upload and execute arbitrary PHP code through the file_hosting feature. Attackers can bypass file type restrictions by modifying the Content-Type header to image/gif, adding GIF89a magic bytes, and using alternate PHP tags to upload web shells that execute system commands.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
xbtitFM 代码问题漏洞
Vulnerability Description
xbtitFM是xbtitFM个人开发者的一个BitTorrent追踪器软件。 xbtitFM 4.1.18版本存在代码问题漏洞,该漏洞源于file_hosting功能存在不安全文件上传,可能导致执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A