Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the page_manager_page_import_subtask_validate function in page_manager/plugins/tasks/page.admin.inc and (2) the page_manager_handler_import_validate function in page_manager/page_manager.admin.inc.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Angrydonuts Chaos Tool Suite模块多个远程eval注入漏洞
Vulnerability Description
Drupal是很著名的开源内容管理平台,仿照了blog程序模式,但比普通的blog更灵活,可以做各种网站的内容管理平台。 Drupal的Chaos Tool Suite (即CTools)模块的导入功能存在多个eval注入漏洞,拥有页面管理权限的远程认证用户可通过文本区域的输入执行任意PHP代码,这些文本与(1)page_manager/plugins/tasks/page.admin.inc的page_manager_page_import_subtask_validate参数,和(2)page_man
CVSS Information
N/A
Vulnerability Type
N/A