Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php, (10) system/seo/view.php, (11) view.php, (12) users/attributes.php, (13) scrapbook/view.php, (14) pages/attributes.php, (15) files/attributes.php, or (16) files/search.php in single_pages/dashboard/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Concrete5 跨站脚本和路径泄露漏洞
Vulnerability Description
concrete5是美国Portland实验室开发的一套免费的内容管理系统(CMS)。该系统可直接在页面上编辑、排版。 Concrete5 5.6.3之前版本中存在安全漏洞。远程攻击者可通过向single_pages/dashboard/ URI中的多个脚本(包括:system/basics/editor.php,system/view.php,system/environment/file_storage_locations.php,system/mail/importers.php,system/ma
CVSS Information
N/A
Vulnerability Type
N/A