漏洞描述
FOSS Gallery Admin 和 FOSS Gallery Public的processFiles.php中存在无限制文件上传漏洞,远程攻击者可以通过上传一个具有可执行扩展名的文件并通过向根目录下的文件提出一个直接请求来访问该文件,以执行任意代码。
FOSS Gallery 'processFiles.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2009-4202: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
- POC CVE-2010-2035: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
- POC CVE-2010-2507: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
- POC CVE-2011-4624: GRAND FlAGallery 1.57 - Cross-Site Scripting
- POC CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
- POC CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
- POC CVE-2016-1000134: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000135: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000153: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
- POC CVE-2019-15829: Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
- POC CVE-2021-24291: WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
- POC CVE-2021-24915: Contest Gallery < 13.1.0.6 - SQL injection
- POC CVE-2021-24970: WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion