漏洞描述
ScriptsFeed Realtor Classifieds System (又称作 Real Estate Classifieds)的任意文件上传漏洞。远程认证用户通过会上传一个具有例如logo那样的可执行扩展名的一个文件并向classifieds1/yellow_images/的文件提交一个直接请求来访问该文件,以执行任意代码。
ScriptsFeed Realtor Classifieds System 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- 金慧综合管理信息系统SystemName参数存在SQL注入漏洞
- Code-Projects Refugee Food Management System SQL注入漏洞
- CampCodes Supplier Management System SQL注入漏洞
- Code-Projects College Notes Uploading System SQL注入漏洞
- itsourcecode Online Frozen Foods Ordering System SQL注入漏洞
- (CVE-2025-15011)Simple Stock System 1.0 logout.php SQL注入漏洞
- POC CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
- POC CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting
- 中成科信票务管理系统 /SystemManager/Api/TicketManager.ashx SQL 注入漏洞
- 泛微e-office /E-mobile/App/System/UserSelect/dept.php 未授权访问漏洞
- School Fees Payment System /student.php SQL 注入漏洞(CVE-2025-6403)
- (CVE-2021-4462)Employee Records System 1.0任意文件上传漏洞
- POC CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection