漏洞描述
NetArt Media Car Portal是一款基于WEB的应用程序。 NetArt Media Car Portal 3.0版本中存在不受限制上传任意文件漏洞。通过上传带有两个扩展名的文件(如 .php%00.jpg),远程攻击者利用该漏洞执行任意PHP代码。
NetArt Media Car Portal 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- itsourcecode Open Source Job Portal SQL注入漏洞
- 用友U8Cloud /servlet/~uap/nc.merp.bs.maportal.NCPortalServlet XML 外部实体注入漏洞
- mojoPortal imagehandler存在任意文件读取漏洞
- POC CVE-2010-1312: Joomla! Component News Portal 1.5.x - Local File Inclusion
- POC CVE-2014-4535: Import Legacy Media <= 0.1 - Cross-Site Scripting
- POC CVE-2015-3897: Bonita BPM Portal <6.5.3 - Local File Inclusion
- POC CVE-2016-15042: WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
- POC CVE-2017-14186: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting
- POC CVE-2019-6112: WordPress Sell Media 2.4.1 - Cross-Site Scripting
- POC CVE-2019-9618: WordPress GraceMedia Media Player 1.0 - Local File Inclusion
- POC CVE-2020-7961: Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution
- POC CVE-2021-25074: WordPress WebP Converter for Media < 4.0.3 - Unauthenticated Open Redirect
- POC CVE-2022-1398: External Media without Import <=1.1.2 - Authenticated Blind Server-Side Request Forgery