漏洞描述
BitScripts Bits Video Script 2.04和2.05 Gold Beta版本中的register.php和addvideo.php存在多个自由文件上载漏洞。程攻击者可以借助对未明目录中文件的一个直接请求,用一个执行扩展名上载文件并执行任意代码,并访问该文件。
Bits Video Script 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2016-15041: MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting
- POC CVE-2019-12935: Shopware < 5.5.8 - Cross-Site Scripting
- POC CVE-2024-29137: WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting
- POC CVE-2024-29792: Unlimited Elements for Elementor <= 1.5.93 - Cross Site Scripting
- POC CVE-2025-46549: YesWiki <= 4.5.1 - Cross-Site Scripting
- POC CVE-2025-46550: YesWiki < 4.5.4 - Cross-Site Scripting
- POC wp-advanced-responsive-video-embedder-fpd: WordPress Advanced Responsive Video Embedder - Full Path Disclosure
- POC CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC CVE-2017-20192: Formidable Forms < 2.05.02 - Cross-Site Scripting
- POC CVE-2021-24213: GiveWP <= 2.9.7 - Cross-Site Scripting
- POC CVE-2021-24657: Limit Login Attempts WordPress - Stored Cross-site Scripting
- POC CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting
- POC CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting