DedeBIZ archives_do.php AdminUpload unrestricted upload

A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

危险类型文件的不加限制上传

DedeBIZ 代码问题漏洞

DedeBIZ是中国穆云智能（DedeBIZ）公司的一个内容管理系统。 DedeBIZ 6.3.0版本存在代码问题漏洞，该漏洞源于文件admin/archives_do.php的参数litpic会导致不受限制的上传。

N/A

N/A