The permission settings allow a remote attacker to execute arbitrary code by adding an executable file type (php) to the permitted upload types and then uploading a script file.
Component that controls system settings: install/resources/setting.php
Component that controls product image upload: protected/controller/backend/goods_controller.php
Vulnerability Reproduction
step1
Log in to the backend
step2
Add the php file extension

step3
Upload malicious script files through the interface for uploading product images

POC:

step4
Obtain the file path through the front-end page

getshell
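
A mitigation sketch for the upload path described in steps 2 and 3, as an added example that is not the project's own code: the admin-configured extension list is intersected with a fixed image allow-list and the file content is checked before a server-generated name is assigned. The function names, the constant and the sample values are hypothetical, and the fileinfo extension is assumed to be available.

```php
<?php
// Added example: hypothetical helper names, not taken from the project.

// Fixed server-side allow-list: extension => expected MIME type.
const SAFE_IMAGE_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Reduce the admin-configured list to entries that are also in the fixed
// allow-list, so adding "php" in the settings has no effect on uploads.
function effective_extensions(array $configured): array
{
    $normalized = array_map(
        fn($e) => strtolower(ltrim(trim((string) $e), '.')),
        $configured
    );
    return array_values(array_intersect(array_keys(SAFE_IMAGE_TYPES), $normalized));
}

// Validate an uploaded product image. Returns a server-generated file name,
// or null when the upload must be rejected.
function safe_image_name(string $clientName, string $tmpPath, array $configured): ?string
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, effective_extensions($configured), true)) {
        return null; // extension not allowed, whatever the settings say
    }
    // Inspect the content itself, not the client-supplied Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== SAFE_IMAGE_TYPES[$ext] || @getimagesize($tmpPath) === false) {
        return null; // content is not the image type the extension claims
    }
    // Never reuse the client file name; store under a random one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed demo input: the settings list contains "php", as in step 2.
$configured = ['jpg', 'png', 'php'];
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, '<?php /* constructed sample, not an image */ ?>');
var_dump(effective_extensions($configured));
var_dump(safe_image_name('upload.php', $tmp, $configured));
var_dump(safe_image_name('logo.png', $tmp, $configured));
unlink($tmp);
```

Configuring the web server so that the upload directory never executes scripts adds a second layer if a check like this is bypassed.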
