漏洞描述
KafooeyBlog 1.55b版本的lib/image_upload.php中存在无限制文件上传漏洞。远程攻击者通过上传一个具有可执行扩展名的文件并通过对该文件提交一个直接请求来读取,以执行任意代码。
BLOG 'image_upload.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
- POC CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
- POC generic-php-files: Generic PHP Backup Information Disclosure
- PHPGurukul Employee Record Management System 代码注入漏洞
- PHPJABBERS Restaurant Menu Maker Project 代码注入漏洞
- php-livechat-uploadimg-html-upload: PHP LiveChat Upload
- thinkphp-30-rce: Thinkphp 3.0 RCE
- thinkphp-5.0.23-rce: Thinkphp debug 执行任意命令
- thinkphp-50-rce: Thinkphp 5.0 RCE
- thinkphp-v6-file-write: thinkphp-v6-file-write
- weiphp-path-traversal: Weiphp Path Traversal
- weiphp-sql: weiphp sql
- ThinkPHP /index.php 信息泄露漏洞(CVE-2022-25481)