Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-23972 PoC — Joomla 代码问题漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-23972.yaml
Associated Vulnerability
Title:Joomla 代码问题漏洞 (CVE-2020-23972)
Description:Joomla是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla Component GMapFP J3.5版本和J3.5free版本存在代码问题漏洞,该漏洞源于在非授权的情况下允许攻击者上传或下载文件。
Description
Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application
without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext.
File Snapshot

 id: CVE-2020-23972

info:
  name: Joomla! Component GMapFP 3.5 - Arbitrary File Upload
  author: dwi

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.