漏洞描述
Pre Projects Pre Real Estate Listings中的profile.php存在未限制文件上传漏洞。远程认证用户可以通过上传一个带有可执行性扩展名的文件作为一个侧面标识,然后再借助一个对re_images/中的文件的直接请求来访问它,从而实现任意代码执行。
Pre Projects Pre Real Estate Listings 'profile.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
- Progress Chef Automate /api/v0/compliance/profiles/search SQL 注入漏洞(CVE-2025-8868)
- Code-Projects Project Monitoring System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects E-Commerce Website SQL注入漏洞
- Code-Projects Medical Store Management System 注入漏洞
- POC CVE-2021-24387: WordPress Pro Real Estate 7 Theme <3.1.1 - Cross-Site Scripting
- POC CVE-2022-3933: WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
- POC CVE-2025-2127: JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
- POC CVE-2025-6934: The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation
- POC azure-log-profile-all-activities: Azure Log Profile Missing Critical Activity Categories