3 matches found
CVE-2024-54462
The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...
CVE-2024-54462
The file names constructed within imagepicker are missing sanitization checks leaving them vulnerable to malicious document providers. This may result in cases where a user with a malicious document provider installed can select an image file from that provider while using your app and could...
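SiteStar (建站之星) arbitrary file upload vulnerability (continued, part 2)
Brief description: SiteStar (建站之星) arbitrary file upload vulnerability, continued, part 2. Details: 1. Where the vulnerability arises: /module/modmedia.php, in the two functions flashpicker and imagepicker. The imagepicker function: None. Visit upload.php and upload a file; during the upload, capture the request with Burpsuite and modify it; click Forward and a php file is generated under https://images.seebug.org/upload/flash ...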