Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
X2Engine X2CRM 输入验证漏洞
Vulnerability Description
X2Engine X2CRM是美国X2Engine公司的一套开源的客户关系管理程序(CRM)。 X2Engine X2CRM 5.0.9之前版本的protected/components/filters/FileUploadsFilter.php脚本中的FileUploadsFilter类中存在不完整黑名单漏洞。远程攻击者可通过上传带有.pht扩展名的文件利用该漏洞执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A