漏洞描述
BitScripts Bits Video Script 2.04和2.05 Gold Beta版本中的register.php和addvideo.php存在多个自由文件上载漏洞。程攻击者可以借助对未明目录中文件的一个直接请求,用一个执行扩展名上载文件并执行任意代码,并访问该文件。
Bits Video Script 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
- POC CVE-2025-51990: XWiki – Stored Cross-Site Scripting (XSS)
- POC CVE-2024-50857: GestioIP - Reflected Cross-Site Scripting
- POC CVE-2024-28623: RiteCMS 3.0.0 - Cross-site Scripting
- POC CVE-2018-25031: Swagger UI < 3.38.0 - Cross-Site Scripting
- POC CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC CVE-2025-24752: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
- POC CVE-2025-25062: Backdrop CMS - Cross-Site Scripting
- POC CVE-2025-50738: Memos < 0.25.0 - Stored Cross-Site Scripting
- POC CVE-2025-8191: Swagger UI >=3.14.1 < 3.38.0 - DOM Based Cross-Site Scripting
- POC CVE-2002-1131: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting
- POC CVE-2004-0519: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
- POC CVE-2005-4385: Cofax <=2.0RC3 - Cross-Site Scripting