漏洞描述
Pre Projects Pre Real Estate Listings中的profile.php存在未限制文件上传漏洞。远程认证用户可以通过上传一个带有可执行性扩展名的文件作为一个侧面标识,然后再借助一个对re_images/中的文件的直接请求来访问它,从而实现任意代码执行。
Pre Projects Pre Real Estate Listings 'profile.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- Code-Projects Refugee Food Management System SQL注入漏洞
- Code-Projects College Notes Uploading System SQL注入漏洞
- Code-Projects Assessment Management SQL注入漏洞
- mJobtime /Default.aspx/update_profile_Server 命令执行漏洞(CVE-2025-51683)
- Langflow /api/v1/files/profile_pictures/../langflow.db 目录遍历漏洞
- POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
- Progress Chef Automate /api/v0/compliance/profiles/search SQL 注入漏洞(CVE-2025-8868)
- Code-Projects Project Monitoring System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects E-Commerce Website SQL注入漏洞
- Code-Projects Medical Store Management System 注入漏洞