Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Havalite CMS Arbitary File Upload RCE
Vulnerability Description
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Havalite CMS 安全漏洞
Vulnerability Description
Havalite CMS是Havalite个人开发者的一个内容管理系统。 Havalite CMS 1.1.7及之前版本存在安全漏洞,该漏洞源于文件上传验证不足,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A