Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow (1) remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking boards/boards_rss.php, and might allow (2) remote attackers to inject arbitrary PHP code into files via the HTTP Host header in a request to boards/boards_rss.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Bitweaver rss/feedcreator.class.php模块saveFeed()函数多个静态代码注入漏洞
Vulnerability Description
Bitweaver是一套免费、开源的Web应用框架和内容管理系统。该系统包含文章管理、Wiki、Blog、图片管理、日历、用户管理等模块。 Bitweaver的rss/feedcreator.class.php模块的saveFeed()函数中存在多个静态代码注入漏洞。允许远程认证用户可以通过将该用户的"display name" 配置放置到PHP序列中,然后调用boards/boards_rss.php文件,注入任意PHP代码;也可能允许远程攻击者借助boards/boards_rss.php请求中的HT
CVSS Information
N/A
Vulnerability Type
N/A