HongCMS 3.0 - Arbitrary Files Read and Edit in template/edit (Administrator Privilege)

[Anx1a]

1.Login to the backstage as the administrator;

2.You need to access the page"http://10.12.11.184/hongcms-master/admin/index.php/template"

3.Change the file name you want to edit or read in the URL and access this page. For example: "http://10.12.11.184/hongcms-master/admin/index.php/template/edit?dir=../../&file=index.php".

4.You can see that index.php has been read and edited.