漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
InstantCMS <= 1.6 Remote PHP Code Execution
漏洞信息
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
漏洞信息
N/A
漏洞
动态执行代码中指令转义处理不恰当(Eval注入)
漏洞
InstantCMS 安全漏洞
漏洞信息
InstantCMS是instantSoft开源的一个免费的开源 CMS。 InstantCMS 1.6及之前版本存在安全漏洞,该漏洞源于eval函数使用不当,可能导致远程代码执行。
漏洞信息
N/A
漏洞
N/A