漏洞描述
ProfileCMS 的资料脚本中存在不限制文件上传漏洞。远程攻击者可以借助未明向量,且涉及一个资料的创建,以上传并执行任意PHP指令。
ProfileCMS Profile Creation 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC umbraco-miniprofiler-exposure: Umbraco Mini Profiler - Exposure
- POC CVE-2023-41954: ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation
- POC aem-anonymous-write: Adobe Experience Manager (AEM) - Anonymous JCR Node Creation
- POC unifi-create-user: UniFi - Unauthenticated Creation Access For Users
- (CVE-2025-9393)Linksys路由器addStaProfile函数栈溢出漏洞
- POC CVE-2019-12583: Zyxel ZyWall UAG/USG - Account Creation Access
- POC CVE-2019-9879: WPGraphQL 0.2.3 - User Creation
- POC CVE-2021-24522: ProfilePress < 3.1.11 - Cross-Site Scripting
- POC CVE-2021-27358: Grafana Unauthenticated Snapshot Creation
- POC CVE-2021-34621: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness
- POC CVE-2021-46418: Telesquare TLR-2855KS6 - Arbitrary File Creation
- POC CVE-2022-0653: Wordpress Profile Builder Plugin Cross-Site Scripting
- POC CVE-2022-25369: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation