漏洞描述
ScriptsFeed Realtor Classifieds System (又称作 Real Estate Classifieds)的任意文件上传漏洞。远程认证用户通过会上传一个具有例如logo那样的可执行扩展名的一个文件并向classifieds1/yellow_images/的文件提交一个直接请求来访问该文件,以执行任意代码。
ScriptsFeed Realtor Classifieds System 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- 泛微e-office /E-mobile/App/System/UserSelect/dept.php 未授权访问漏洞
- School Fees Payment System /student.php SQL 注入漏洞(CVE-2025-6403)
- POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
- 中成科信票务管理系统 /SystemManager/OrderManager/OrderManager.ashx 文件读取漏洞
- HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL 注入漏洞(CVE-2025-10197)
- Code-Projects Project Monitoring System SQL注入漏洞
- CodeAstro Gym Management System SQL注入漏洞
- CodeAstro Gym Management System SQL注入漏洞
- ZYCOO CooVox Series IP Phone System /login 默认口令漏洞
- PHPGurukul Employee Record Management System 代码注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- Code-Projects Simple Scheduling System SQL注入漏洞
- CodeAstro Student Grading System SQL注入漏洞