Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in Content Management Made Easy (CMME) 1.12 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the env parameter in a weblog action to index.php, or (2) create arbitrary directories via a .. (dot dot) in the env parameter in a login action to admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CMME 多文件目录遍历漏洞
Vulnerability Description
Content Management Made Easy 。是一款开源的基于php的内容管理系统。 Content Management Made Easy (CMME) 1.12版本存在多个目录遍历漏洞。远程攻击者可以借助到index.php的web博客操作中的env参数中的"..",读取任意文件或者通过admin.php 登录操作环境参数里的".."创建任意的目录。
CVSS Information
N/A
Vulnerability Type
N/A