Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XCMS 'ceip.php' 代码注入漏洞
Vulnerability Description
XCMS 1.83以及更早的版本中的ceip.php脚本可以在不退出的情况下发送一个重定向请求给Web浏览器,这使得远程攻击者可以通过testo_0参数实施定向状态代码注入攻击并且执行任意代码,管理并操作index.php这使得dati/generali/footer.dtb可以被写入(我们通常知道,这是一个XCMS 页脚)。
CVSS Information
N/A
Vulnerability Type
N/A