ATutor 2.2 文件上传漏洞
CVE-2014-9752版本限制在2.2以及以下
[-] Vulnerability Description:
User input passed through the "customicon" when creating a new course is not properly
sanitized before being uploaded into the /content/ directory. This could be exploited
to upload and execute arbitrary PHP code. Successful exploitation of this vulnerability
requires an account with permissions to create new courses.
页:
[1]