Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3) the disclaimer parameter to modules/system/admin.php in a disclaimer action, (4) the disclaimer parameter to modules/mydownloads/admin/index.php in a mydownloadsConfigAdmin action, (5) the disclaimer parameter to modules/newbb_plus/admin/forum_config.php, (6) the disclaimer parameter to modules/mylinks/admin/index.php in a myLinksConfigAdmin action, or (7) the intro parameter to modules/sections/admin/index.php in a secconfig action, which inject PHP sequences into (a) sections/cache/intro.php, (b) mylinks/cache/disclaimer.php, (c) mydownloads/cache/disclaimer.php, (d) newbb_plus/cache/disclaimer.php, (e) system/cache/disclaimer.php, (f) system/cache/footer.php, (g) system/cache/header.php, or (h) system/cache/maintenance.php in modules/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RunCMS 多个静态代码注入漏洞
Vulnerability Description
RunCMS存在多个直接静态代码注入漏洞,远程验证管理员可以借助以下方式注入任意PHP代码:对meta-generator操作中模数/系统/管理员php的(1)页眉和(2)页脚参数,(3)一个拒绝操作中的模数/系统/管理员php的拒绝参数,(4)一个mydownloadsConfigAdmin操作中的modules/mydownloads/admin/index.php的拒绝参数,(5) modules/newbb_plus/admin/forum_config.php中的拒绝参数,(6)一个myLink
CVSS Information
N/A
Vulnerability Type
N/A