漏洞描述
【漏洞对象】eyoucms v1.0 【涉及版本】 eyoucms v1.0 【漏洞描述】易优内容管理系统(EyouCms)以模板多、易优化、开源而闻名,是国内新锐的PHP开源网站管理系统。其1.0版本与上传图片相关代码页Uploadify.php存在漏洞,攻击者可以在未授权的情况下直接往/index.php/api/Uploadify/preview页面上传php代码的base64编码,即可成功上传webshell,获取服务器权限,对服务器在成极大威胁。
eyoucms v1.0 Uploadify.php-任意文件上传
PoC代码
暂无相关漏洞推荐
- western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- POC CVE-2021-39501: EyouCMS 1.5.4 Open Redirect
- POC CVE-2023-37645: EyouCms v1.6.3 - Information Disclosure
- POC CVE-2023-41597: EyouCms v1.6.2 - Cross-Site Scripting
- POC CVE-2024-22927: eyoucms v.1.6.5 - Cross-Site Scripting
- POC eyoucms-installer: EyouCMS - Installation
- POC weaver-lazyuploadify-file-upload: OA E-Office LazyUploadify - Arbitrary File Upload
- POC weaver-uploadify-file-upload: OA E-Office Uploadify - Arbitrary File Upload
- eyoucms 默认口令
- EyouCms 存在后台代码执行漏洞
- 金和OA C6 jQueryUploadify.ashx SQL注入漏洞
- 金和OA C6 jQueryUploadify.ashx 存在SQL注入漏洞
- 赛蓝企业管理平台 System_FocusList/SubmitUploadify 任意文件上传漏洞