Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Static code injection vulnerability in Simploo CMS 1.7.1 and earlier allows remote authenticated users to inject arbitrary PHP code into config/custom/base.ini.php via the ftpserver parameter (FTP-Server field) to the sicore/updates/optionssav operation for index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simploo CMS base.ini.php任意代码注入漏洞
Vulnerability Description
Simploo CMS 1.7.1及之前版本中存在静态代码注入漏洞。远程认证用户可以借助index.php的sicore/updates/optionssav操作中的ftpserver参数(FTP-Server字段)向config/custom/base.ini.php注入任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A