Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
razorCMS认证绕过漏洞
Vulnerability Description
razorCMS是一套使用PHP语言编写的开源内容管理系统,它的所有数据均是以平面文件的形式存储的,所以无须安装一个数据库。 razorCMS 1.2.1之前版本中的admin/core/admin_func.php脚本中存在漏洞,该漏洞源于没有限制访问某些管理员的目录和文件。远程认证攻击者利用该漏洞通过fileman或(2)filemanview操作中的dir参数,读取,编辑,重命名,移动,和删除文件。注意:此漏洞与‘路径遍历’有关。
CVSS Information
N/A
Vulnerability Type
N/A