Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows the user to upload a background image, and mishandles extension checking. It accepts uploads of PHP content if the first few characters match GIF data, and the filename ends in ".php" with mixed case, such as the .pHp extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Rukovoditel Project Management CRM 安全漏洞
Vulnerability Description
Rukovoditel Project Management CRM是一套基于Web的开源项目管理软件。该软件具有项目管理、客户管理管理等功能。 Rukovoditel Project Management CRM 2.3.1版本中存在远程代码执行漏洞,该漏洞源于程序错误地处理了对扩展名的检查。远程攻击者可借助具有大小写字母的‘.php’扩展名(例如:.pHp)利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A