CVE-2021-34128

Published June 15th, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname.

bettershop/LaikeTui

电商商城小程序电商商城系统 PC商城 H5商城 APP商城 Java商城 O2O商城跨境商城 SAAS架构

GitHub

858