WCMS 11 Advertisement Image Handler Unrestricted File Upload Vulnerability

Vulnerability

A critical arbitrary file upload vulnerability has been identified in WCMS version 11. This issue resides in the Advertisement Image Handler component, specifically within the 'sub' function of 'app/admin/AdvadminController.php'. The vulnerability allows remote attackers to upload malicious scripts, such as PHP files, which could be executed on the server.

Impact

Exploitation of this vulnerability allows for unrestricted file uploads, enabling the execution of malicious scripts on the server.

Reproduction

To reproduce this vulnerability, access the 'Advertisement Image' feature in the WCMS 11 admin panel. The upload functionality does not properly validate file types or contents, allowing the upload of harmful PHP scripts. Once uploaded, these scripts can be executed via the web service.
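
The missing checks described above (file type and file content) can be enforced server-side, with the server rather than the client choosing the stored filename. The following PHP function is an added example, not code from WCMS or from this advisory; the name store_ad_image, the 2 MiB size limit and the MIME allowlist are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not WCMS code: validates one entry of $_FILES and
// returns the stored path, or throws if the upload is not an allowed image.
function store_ad_image(array $file, string $destDir): string
{
    // Allowlist: detected MIME type => extension the server will assign.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept files PHP itself received via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > 2 * 1024 * 1024) {            // assumed 2 MiB limit
        throw new RuntimeException('file too large');
    }

    // Content check: sniff the type from the bytes, never from the
    // client-supplied filename or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // The file must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-chosen name and extension: the original filename is discarded,
    // so a ".php" suffix supplied by the client never reaches the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $dest;
}
```

Content sniffing alone does not stop an image that also carries script text, so the destination directory should be one the web server serves as static files only, with script execution disabled.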

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.