Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ELSEIF CMS Beta 0.6 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code by uploading a .php file via externe/swfupload/upload.php. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in ELSEIF CMS.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ELSEIF CMS 'upload.php' alphanumeric参数多个输入验证漏洞
Vulnerability Description
ELSEIF CMS Beta 0.6不能正确解除变数,当输入参数包含含有一个alphanumeric参数碎片值相匹配值的一个数据参数时,远程攻击者可以借助externe/swfupload/upload.php上载一个.php文件执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A