Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Static code injection vulnerability in ajax_save_name.php in the Ajax File Manager module in the tinymce plugin in FreeWebshop 2.2.9 R2 and earlier allows remote attackers to inject arbitrary PHP code into data.php via the selected document, as demonstrated by a call to ajax_file_cut.php and then to ajax_save_name.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FreeWebshop ‘ajax_save_name.php’代码注入漏洞
Vulnerability Description
FreeWebshop 2.2.9 R2和早期版本中的tinymce插件中的Ajax File Manager模块中的ajax_save_name.php中存在静态代码注入漏洞。远程攻击者通过selected文档如调用ajax_file_cut.php脚本再调用ajax_save_name.php脚本来利用该漏洞,可注入任意PHP代码到data.php脚本。
CVSS Information
N/A
Vulnerability Type
N/A