Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
X2Engine 权限许可和访问控制漏洞
Vulnerability Description
X2Engine是美国X2Engine公司的一套开源的客户关系管理系统(CRM)。该系统提供生成销售报价、制定销售流程和快速查看联系人等功能。 X2Engine 4.1.7及之前版本的FileUploadsFilter.php脚本存在安全漏洞。当程序运行在case-insensitive文件系统上时,远程攻击者可通过上传可执行的扩展文件利用该漏洞绕过上传的黑名单,实施任意文件上传攻击。
CVSS Information
N/A
Vulnerability Type
N/A