漏洞描述
WebXell Editor 是一款基于web电子表格软件。 WebXell Editor 0.1.3的upload_pictures.php中存在无限制文件上传漏洞,该漏洞会允许远程攻击者通过上传一个具有jpeg文件类型的.php文件并通过向upload/中的文件提交一个直接请求来对此进行访问,以执行任意代码。
WebXell Editor 'upload_pictures.php' 任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC joe-deadjoe-file-exposure: Joe Editor DEADJOE File - Exposure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-user-role-editor-fpd: User Role Editor - Full Path Disclosure
- POC CVE-2021-33829: Drupal 7 CKEditor XSS
- POC wp-members-error-log-disclosure: WordPress Members / Membership & User Role Editor Plugin - Error Log Disclosure
- POC wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC wp-user-role-editor-fpd: User Role Editor - Full Path Disclosure
- 全程云 /OA/api/2.0/Common/AttachFile/UploadEditorFile 文件上传漏洞
- POC unauth-kafka-config-editor: Kafka Config Editor - Unauthenticated Access
- 索贝融媒体 /sobey-mchEditor/count/getCountByCode SQL 注入漏洞
- POC 索贝融媒体 /sobey-mchEditor/mch/Jzt/statistics/countJztArticleGroupByChannel2 SQL 注入漏洞
- 索贝融媒体 /sobey-mchEditor/mch/Articlelist/articleExamineExport SQL 注入漏洞
- 索贝融媒体 /sobey-mchEditor/mch/jztEditorScore/queryEditorScoreRank SQL 注入漏洞