漏洞描述
Moonware (又称Dale Mooney Gallery)的config/upload.php中存在不限制文件上传漏洞。远程攻击者可以上传并执行任意images/的PHP文件,且与config/admin.php相关。
Dale Mooney Moon Gallery Upload.PHP 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-46349: YesWiki Reflected XSS via File Upload
- 仓储系统和物流管理系统Business_Upload.ashx存在任意文件上传漏洞
- POC CVE-2012-10018: WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload
- POC CVE-2025-52691: SmarterMail - Unrestricted File Upload
- POC CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC CVE-2018-9206: Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload
- POC CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
- POC CVE-2024-2863: LG LED Assistant - Thumbnail Path Traversal File Upload
- POC nextgen-gallery-pro-error-log: WordPress NextGEN Gallery Pro - Error Log Disclosure
- POC wp-nextgen-gallery-log: WordPress Gallery Plugin / NextGEN Gallery (nextgen-gallery) Error Log Disclosure
- 东胜物流软件 /TruckMng/MsWlDriver/UploadFile 文件上传漏洞
- Code-Projects College Notes Uploading System SQL注入漏洞
- 安友固定资产管理系统 DoUpload 任意文件上传漏洞