Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SDCMS 路径遍历漏洞
Vulnerability Description
SDCMS是中国烟火网络科技公司的一套基于PHP和MySQL的企业建站内容管理系统(CMS)。 SDCMS 1.6版本中的app/plug/attachment/controller/admincontroller.php页面存在目录遍历漏洞。攻击者可借助/?m=plug&c=admin&a=index&p=attachment&root= directory URL利用该漏洞读取任意文件。
CVSS Information
N/A
Vulnerability Type
N/A