漏洞描述
在74CMS 3.0的/upload/admin/admin_templates.php处存在生成文件到本地的功能,可以将shell文件写入服务器,可能导致服务器沦陷
74cms /upload/admin/admin_templates.php 任意文件写入漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2020-22208: 74cms - ajax_street.php 'x' SQL Injection
- POC CVE-2020-22208: 74cms - ajax_street.php 'x' SQL Injection
- POC CVE-2020-22209: 74cms - ajax_common.php SQL Injection
- POC CVE-2020-22210: 74cms - ajax_officebuilding.php SQL Injection
- POC CVE-2020-22211: 74cms - ajax_street.php 'key' SQL Injection
- POC CVE-2022-26271: 74cmsSE v3.4.1 - Arbitrary File Read
- POC CVE-2020-22209: 74cms - ajax_common.php SQL Injection
- POC CVE-2020-22210: 74cms - ajax_officebuilding.php SQL Injection
- POC CVE-2020-22211: 74cms - ajax_street.php 'key' SQL Injection
- POC 74cms-sqli-1: 74 CMS SQL 注入漏洞
- POC 74cms-sqli-2: 74 CMS SQL 注入漏洞
- POC CVE-2020-29279: 74CMS - Remote File Inclusion
- POC 74cms-weixin-sqli: 74CMS weixin.php - SQL Injection