From de55e2877ed533c0eaed676adb84fc68e23a88f5 Mon Sep 17 00:00:00 2001
From: mr-xn <mrxn.net@gmail.com>
Date: Thu, 20 Feb 2020 14:09:03 +0800
Subject: [PATCH] =?UTF-8?q?add=20YzmCMS=205.4=20=E5=90=8E=E5=8F=B0getshell?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index 8d2cad1..7ab5987 100644
--- a/README.md
+++ b/README.md
@@ -119,6 +119,7 @@
 - [【Linux提权/RCE】OpenSMTPD 6.4.0 < 6.6.1 - Local Privilege Escalation + Remote Code Execution](https://www.exploit-db.com/exploits/48051)
 - [CVE-2020-7471-django1.11-1.11.282.2-2.2.103.0-3.0.3 StringAgg(delimiter)使用了不安全的数据会造成SQL注入漏洞环境和POC](https://github.com/Saferman/CVE-2020-7471)
 - [CVE-2019-17564 : Apache Dubbo反序列化漏洞](https://www.anquanke.com/post/id/198747)
+- [YzmCMS 5.4 后台getshell](https://xz.aliyun.com/t/7231)
 
 ## 提权辅助相关