漏洞描述
FOSS Gallery Admin 和 FOSS Gallery Public的processFiles.php中存在无限制文件上传漏洞,远程攻击者可以通过上传一个具有可执行扩展名的文件并通过向根目录下的文件提出一个直接请求来访问该文件,以执行任意代码。
FOSS Gallery 'processFiles.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
- POC nextgen-gallery-pro-error-log: WordPress NextGEN Gallery Pro - Error Log Disclosure
- POC wp-nextgen-gallery-log: WordPress Gallery Plugin / NextGEN Gallery (nextgen-gallery) Error Log Disclosure
- (CVE-2023-53868)Coppermine Gallery 1.6.25插件管理器远程代码执行漏洞
- POC CVE-2009-4202: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
- POC CVE-2010-2035: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
- POC CVE-2010-2507: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
- POC CVE-2011-4624: GRAND FlAGallery 1.57 - Cross-Site Scripting
- POC CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
- POC CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
- POC CVE-2016-1000134: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000135: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000153: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting