CVE-2018-9205: Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion
PoC2025-08-01
影响软件
Drupal avatar_uploader
关联产品
漏洞描述
In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.
PoC / 利用代码
登录后可查看 PoC 内容