wechat-broadcast Wechat Broadcast <= 1.2.0 – Local/Remote File Inclusion
This bug was found in the file:

/wechat-broadcast/wechat/Image.php

echo file_get_contents(isset($_GET["url"]) ? $_GET["url"] : '');

The parameter "url" it is not sanitized allowing include local or remote
files

To exploit the vulnerability only is needed use the version 1.0 of the HTTP
protocol to interact with the application.

SEO News and More

SEO News and More

Share This