Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or possibly have unspecified other impact via crafted XSL data.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ektron Content Management System 安全漏洞
Vulnerability Description
Ektron Content Management System(CMS)是美国Ektron公司的一套企业级Web内容管理系统(CMS)。该系统支持所见即所得编辑器、内容布局和拖拽操作等。 Ektron CMS 8.02 SP5之前的版本中的‘XSLTCompiledTransform’函数存在安全漏洞,该漏洞源于程序配置有XSL,并将enableDocumentFunction设为true。远程攻击者可借助特制的XSL数据利用该漏洞读取任意文件,从而绕过身份验证,更改查看状态或造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A