Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Blog Pixel Motion 权限验证漏洞
Vulnerability Description
Blog Pixel Motion (又称 PixelMotion)的admin/modif_config.php并不要求管理权限验证,远程攻击者上传任意PHP脚本到一个ZIP存档文件,即书写在templateZip/中然后再自动地通过一个直接请求在templates/下提取执行。
CVSS Information
N/A
Vulnerability Type
N/A