ChenJinchuang Lin-CMS-TP5 File Upload Code Injection Vulnerability

Vulnerability

A code injection vulnerability has been identified in ChenJinchuang Lin-CMS-TP5 versions through 0.3.3. The issue arises in the file upload handler, specifically within the 'Upload' function of 'application/lib/file/LocalUploader.php'. The vulnerability allows for arbitrary file uploads, which can be exploited remotely. Uploaded files are saved in a publicly accessible directory, and if the server permits execution of scripts in that location, this could lead to remote code execution, persistent backdoors, or information leakage.

Impact

Exploitation of this vulnerability allows for code injection, with the potential for remote code execution, according to the vulnerability source.

Reproduction

To reproduce this vulnerability, send a POST request to '/cms/file' with the 'file' parameter containing a malicious PHP file. The uploaded file will be saved in the 'public/uploads' directory, where it can be accessed and executed.
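The flaw described above is an upload handler that accepts any file and stores it under a web-served path; the sketch below shows the server-side checks whose absence makes that possible. It is an added example, not code from Lin-CMS-TP5 or a vendor patch. It assumes PHP 7 or later with the fileinfo extension, and the names `storeUpload`, `ALLOWED_TYPES`, `MAX_BYTES`, the image-only policy and the storage path are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened upload helper, not Lin-CMS-TP5 code.
// Assumed policy: image uploads only, 2 MiB limit.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and move it into $storageDir.
 * Returns the server-generated file name; throws on any policy violation.
 */
function storeUpload(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Derive the type from file content; the client-sent name and
    // Content-Type header are attacker-controlled and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    // Server-chosen name and extension. Content sniffing alone can be fooled
    // by polyglot files, so the stored extension never comes from the client.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($storageDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage inside a request handler; the path is a placeholder for a directory
// outside the web root:
// $name = storeUpload($_FILES['file'], '/path/outside/webroot/uploads');
```

These checks complement, and do not replace, configuring the web server so that nothing in the upload directory is passed to the PHP interpreter.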

Added: Dec 28, 2025, 9:17 AM
Updated: Dec 28, 2025, 9:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 8.7
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.