Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in adminpanel/scripts/addphotos.php in BandSite CMS 1.1.4 allows remote authenticated administrators to execute arbitrary PHP code by uploading a file with an executable extension via an addphotos action to adminpanel/index.php, and then accessing the file via a direct request with an images/gallery/ directory name. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BandSite CMS 'adminpanel/scripts/addphotos.php'未限制文件上传漏洞
Vulnerability Description
BandSite CMS 是一个功能全面的网站内容管理系统。 BandSite CMS的adminpanel/scripts/addphotos.php中存在未限制文件上传漏洞,远程认证管理员可通过adminpanel/index.pho的addphotos操作上传带有任意可执行扩展名的文件,并通过image/gallery/目录名直接访问该文件。
CVSS Information
N/A
Vulnerability Type
N/A