Zorlan SkyCaiji Unrestricted File Upload Vulnerability in Tool.php

Vulnerability

A critical unrestricted file upload vulnerability has been identified in Zorlan SkyCaiji version 2.9. The issue resides in the file vendor/skycaiji/app/admin/controller/Tool.php, specifically within the fileAction function. The vulnerability is triggered by manipulating the save_data argument, allowing for unauthorized file uploads. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows unrestricted file uploads. The consequences depend on the application's file handling and execution capabilities.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.