An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size, $varname_name, $varname_type). These variables could be overwritten by attackers, causing the application to process unauthorized files.
| Link | Tags |
|---|---|
| https://gitee.com/CTF-hacker/pwn/issues/I7LH2N | third party advisory issue tracking exploit |
| https://github.com/capture0x/WBCE_CMS | |
| https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html |