Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for WordPress 1.0.b1 through 1.1.3; Solo 1.0.b1 through 1.1.2; Admin Tools Core and Professional 2.0.0 through 2.4.4; and CMS Update 1.0.a1 through 1.0.1, when performing a backup or update for an archive, does not delete parameters from $_GET and $_POST when it is cleansing $_REQUEST, but later accesses $_GET and $_POST using the getQueryParam function, which allows remote attackers to bypass encryption and execute arbitrary code via a command message that extracts a crafted archive.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Akeeba Restore 输入验证漏洞
Vulnerability Description
Akeeba Backup for Joomla! Professional等都是塞浦路斯Akeeba公司的产品。Akeeba Backup for Joomla! Professional是一套用于Joomla!中的网站备份软件;Admin Tools Core and Professional是一套网站维护工具。CMS Update是一个Joomla!更新组件。Akeeba Restore(restore.php)是一套数据恢复软件。 Joomla!等多款产品中使用的Akeeba Restore (r
CVSS Information
N/A
Vulnerability Type
N/A