漏洞描述
Menalto Gallery是一个基于网络的非常有名的免费开源图库相册程序,功能非常强大。 Menalto Gallery 3.0之前及beta版本中的modules/gallery/models/item.php中存在无限制文件上传漏洞。带有上传权限的远程认证用户可以通过上传带有可执行扩展名的文件,并借助对未明目录中文件的直接请求访问该文件,导致执行任意代码。
Menalto Gallery item.php任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2009-4202: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
- POC CVE-2010-2035: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
- POC CVE-2010-2507: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
- POC CVE-2011-4624: GRAND FlAGallery 1.57 - Cross-Site Scripting
- POC CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
- POC CVE-2014-9094: WordPress DZS-VideoGallery Plugin Cross-Site Scripting
- POC CVE-2016-1000134: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000135: WordPress HDW Video Gallery <=1.2 - Cross-Site Scripting
- POC CVE-2016-1000153: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
- POC CVE-2019-15829: Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
- POC CVE-2021-24291: WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
- POC CVE-2021-24915: Contest Gallery < 13.1.0.6 - SQL injection
- POC CVE-2021-24970: WordPress All-In-One Video Gallery <2.5.0 - Local File Inclusion