Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
dadaIMC '.htaccess'文件任意PHP代码执行漏洞
Vulnerability Description
dadaIMC .99.3在已经安装的.htaccess文件中使用不充分限制的FilesMatch指令,远程攻击者可以通过上载文件名中含有(1)feature,(2)editor,(3)newswire,(4)otherpress,(5)admin,(6)pbook,(7)media或(8)mod的文件(当作PHP文件类型处理(application/x-httpd-php)来执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A