Design/Logic Flaw

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

PHPCMS v9. 6. 0 arbitrary file upload vulnerability analysis-vulnerability warning-the black bar safety net

Author: p0wd3r know Chong Yu 404 security lab Date: 2017-04-12 0x00 vulnerability overview Vulnerability description A few days ago phpcms v9. 6 arbitrary file upload vulnerability caused by a safety ring hot, by the vulnerability the attacker may be in the unauthorized case any file is uploaded,...