漏洞描述
Social Groupie是一个社交网络脚本,如同Facebook。 Ajax的脚本及应用。 Social Groupie的Photos/create_album.php中存在无限制文件上传漏洞。远程验证用户通过上传一个具有可执行扩展名的文件,并通过对Member_images/的文件提交一个直接请求来访问该文件,执行任意代码。
Social Groupie 'create_album.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-6753: Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting
- POC CVE-2012-4273: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
- POC CVE-2017-18500: Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting
- POC CVE-2017-18501: Social Login by BestWebSoft < 0.2 - Cross-Site Scripting
- POC CVE-2019-9978: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
- POC CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
- POC CVE-2021-24956: Blog2Social < 6.8.7 - Cross-Site Scripting
- POC CVE-2021-24987: WordPress Super Socializer <7.13.30 - Cross-Site Scripting
- POC CVE-2021-25065: Smash Balloon Social Post Feed < 4.1.1 - Authenticated Reflected Cross-Site Scripting
- POC CVE-2021-25120: Easy Social Feed < 6.2.7 - Cross-Site Scripting
- POC CVE-2021-39322: WordPress Easy Social Icons Plugin < 3.0.9 - Cross-Site Scripting
- POC CVE-2022-2383: WordPress Feed Them Social <3.0.1 - Cross-Site Scripting
- POC CVE-2022-4971: Sassy Social Share <= 3.3.3 - Cross-Site Scripting