Arbitrary file read & RCE vulnerability in "catchImage"
Closed this issue · 1 comments
gml-sec commented
Description
There is no filtering when downloading external images, which can cause arbitrary file reading and remote code execution.
Impact Version
lightcms latest version (v1.3.5)
Steps to Reproduce
Arbitrary File Reading
Remote Code Execution
Place the PHP file that is to be executed on your own server, and download it:
eddy8 commented
thanks
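
One way to close both paths described in this issue, shown as an added example that is not LightCMS code or the project's actual fix: accept only absolute http(s) URLs, and name the stored file from the detected image type rather than from the URL. The function names, the size limit and the MIME allow-list are assumptions.

```php
<?php
// Added example; not LightCMS code. All names and limits here are hypothetical.
const IMAGE_EXT_BY_MIME = [
    'image/jpeg' => 'jpg', 'image/png'  => 'png',
    'image/gif'  => 'gif', 'image/webp' => 'webp',
];

// Reject anything that is not an absolute http(s) URL, so stream wrappers
// such as file:// or php:// never reach the download code.
function assertHttpImageUrl(string $url): void
{
    $parts = parse_url($url);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        throw new InvalidArgumentException('only absolute http(s) URLs are accepted');
    }
}

// Download with the protocol restriction enforced again at the transport layer.
function fetchRemoteBytes(string $url, int $maxBytes = 5 * 1024 * 1024): string
{
    assertHttpImageUrl($url);
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false, // a redirect cannot change target or scheme
        CURLOPT_TIMEOUT        => 10,
    ]);
    $body = curl_exec($ch);
    if (!is_string($body) || $body === '' || strlen($body) > $maxBytes) {
        throw new RuntimeException('download failed or exceeded size limit');
    }
    return $body;
}

// The extension comes from the detected content type, never from the URL,
// so a remote .php file is not written with an executable extension.
function storeImage(string $bytes, string $dir): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!isset(IMAGE_EXT_BY_MIME[$mime]) || getimagesizefromstring($bytes) === false) {
        throw new RuntimeException('payload is not an allowed image type');
    }
    $name = bin2hex(random_bytes(16)) . '.' . IMAGE_EXT_BY_MIME[$mime];
    if (file_put_contents("$dir/$name", $bytes, LOCK_EX) === false) {
        throw new RuntimeException('could not write image');
    }
    return $name;
}
```

The upload directory should also be configured so the web server never passes its contents to the PHP handler, since a file can carry valid image headers and still contain script text.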