cve/CVE-2020-26806.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.

POC

Reference

https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html
https://packetstormsecurity.com/files/163709/ObjectPlanet-Opinio-7.13-Shell-Upload.html

Github

https://github.com/ARPSyndicate/cvemon

833 B Raw Blame History

CVE-2020-26806

Description

POC

Reference

Github

833 B

Raw Blame History