漏洞标题
无限制上传的PHPVibe媒体上传页面upload-mp3.php
漏洞描述信息
一种被评定为“关键”级别的漏洞被发现存在于PHPVibe 11.0.46中。受影响的为组件“媒体上传页面”中的文件/app/uploading/upload-mp3.php中的一个未知函数。通过操纵参数“file”,可以实现无限制上传。此攻击可远程发动。该漏洞已被公开披露,并可能被利用。此漏洞的标识为VDB-268824。需要注意的是,该厂商在早些时候收到了此披露信息,但未以任何方式作出回应。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
危险类型文件的不加限制上传
漏洞标题
PHPVibe Media Upload Page upload-mp3.php unrestricted upload
漏洞描述信息
A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268824. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
漏洞类别
危险类型文件的不加限制上传
漏洞标题
PHPVibe 代码问题漏洞
漏洞描述信息
PHPVibe是PHPVibe公司的一个免费视频管理系统。 PHPVibe 11.0.46版本存在代码问题漏洞,该漏洞源于对参数文件的操作会导致不受限制的文件上传。
CVSS信息
N/A
漏洞类别
代码问题