从这个网页截图中,可以获取到以下关于漏洞的关键信息: 1. 漏洞编号:CVE-2024-48093 2. 发现者:Suphawith Phusanbai 3. 漏洞描述:Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. 4. 受影响的产品:Operately 5. 受影响的组件:The file upload function in the Discussions. 6. 攻击类型:Remote 7. 影响代码执行:true 8. 攻击向量: - Step 1: An attacker with a privileged account accesses the Discussions tab and uploads a file containing a reverse shell or other malicious payload. - Step 2: The file upload function fails to validate the file extension or content type, allowing the attacker to successfully upload the malicious file. - Step 3: The malicious file is now stored on the server and is accessible for download by other users. - Step 4: The attacker may use social engineering tactics to convince or trick another user into downloading and executing the uploaded file, such as posing as a legitimate user and suggesting that the file contains important or useful content. - Step 5: Once the target user downloads and executes the file, the attacker's code is executed on the victim's machine. - Step 6: If the malicious file contains a reverse shell or similar payload, the attacker gains remote access to the victim's system, potentially leading to remote code execution. 9. 参考链接: - https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Operately/Findings.md - https://youtu.be/rCYIohrQdxM 10. 厂商确认或承认:true