漏洞描述
【漏洞对象】云EC开源电商系统 【涉及版本】V1.2.3版本 【漏洞描述】 该系统存在前台任意文件上传漏洞,导致攻击者可以上传恶意文件到服务器,获取服务器权限。
云EC开源电商系统V1.2.3前台-任意文件上传
PoC代码
暂无相关漏洞推荐
- POC 同享人力资源管理系统 TXEHR V15 PeiXun.asmx SQL注入漏洞
- H3C GR-1800AX MiniGRW1B0V100R007 /goform/aspForm 命令执行漏洞(CVE-2024-52765)
- Magento /rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods XML 外部实体注入漏洞(CVE-2024-34102)
- POC CVE-2018-0127: Cisco RV132W/RV134W Router - Information Disclosure
- POC CVE-2019-1898: Cisco RV110W RV130W RV215W Router - Information leakage
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
- POC CVE-2021-35265: MaxSite CMS > V106 - Cross-Site Scripting
- POC CVE-2022-26833: Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
- POC CVE-2024-11587: idcCMS V1.60 - Cross-Site Scripting
- POC CVE-2024-22729: Netis MW5360 V1.0.1.3031 - Command Injection
- POC CVE-2024-30568: Netgear R6850 V1.1.0.88 - Command Injection
- POC CVE-2024-7928: FastAdmin < V1.3.4.20220530 - Path Traversal
- POC CVE-2021-3297: Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass