Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sitecore CRM 安全漏洞
Vulnerability Description
Sitecore CRM是丹麦Sitecore公司的一套客户关系管理解决方案。 Sitecore CRM 8.1 Rev 151207版本中的软件包管理器中存在安全漏洞。远程攻击者可通过制造ZIP归档文件利用该漏洞执行任意的ASP代码。
CVSS Information
N/A
Vulnerability Type
N/A