Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XiaoCms 安全漏洞
Vulnerability Description
XiaoCms是一套基于PHP和MySQL并能够运行在Linux、Windows等平台上的轻量级内容管理系统(CMS)。 XiaoCms 20141229版本中的admin\controller\uploadfile.php文件存在安全漏洞。远程攻击者可通过使用‘type’参数利用该漏洞绕过对上传文件类型的限制(jpg、jpeg、bmp、png和gif)。
CVSS Information
N/A
Vulnerability Type
N/A