漏洞描述
phpEmployment 1.8的auth.php中存在无限制文件上传漏洞。远程攻击者通过在regnew操作时上传一个具有可执行扩展名的文件并通过对photoes/的文件的一个直接请求来访问该文件,以执行任意代码。
W2B phpEmployment 'auth.php'任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2017-11107: phpLDAPadmin <= 1.2.3 - Reflected XSS
- POC CVE-2019-9082: ThinkPHP < 3.2.4 - Remote Code Execution
- POC CVE-2024-2862: LG LED Assistant - Unauthenticated Password Reset
- POC jboss-jmx-console-unauth: JBoss JMX Console - Unauthenticated Access
- POC phpmyadmin-fpd: phpMyAdmin Full Path Disclosure
- POC wp-better-wp-security-login-disclosure: WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure
- phpMyFAQ /api/setup/backup 信息泄露漏洞(CVE-2025-69200)
- Yealink T53 Phone /api/auth/login 默认口令漏洞
- PHP 安全漏洞
- POC 网神SecFox运维安全管理与审计系统 /3.0/authService/login 命令执行漏洞
- POC CVE-2019-10647: ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)
- POC CVE-2019-17671: WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts
- POC CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution