b2evolution
interesting stuff
# login page
/htsrv/login.php
# config file
/conf/_basic_config.phpFile upload (authenticated as new user is fine)
Try as version doesn't affect this vulnerability.
v6.8.2 | v6.9.3
# as user: kashz; while commenting on post, upload a .php file
# hovering on the "download-icon" (not file-name) shows upload pathLast updated
Was this helpful?