Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SocialEngine TimeLine插件权限许可和访问控制漏洞
Vulnerability Description
SocialEngine是美国SocialEngine团队开发的一套基于PHP的社交网络软件。TimeLine是其中的一个时间轴插件,该插件可记录发布文章、照片、视频等内容的时间。 SocialEngine Timeline插件4.2.5p9版本中的‘user profile’页面中存在任意文件上传漏洞。远程攻击者通过上传可执行的扩展文件到public/temporary/timeline/目录利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A