Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
2-Plan Team 1.0.4 Arbitrary File Upload via managefile.php
Vulnerability Description
2-Plan Team 1.0.4 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload executable PHP files by sending multipart form data to managefile.php. Attackers can upload PHP files through the userfile1 parameter with action=upload, which are stored in the files directory and executed by the web server for remote code execution.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
2-Plan Team 代码问题漏洞
Vulnerability Description
2-Plan Team是德国2-Plan公司的一个项目规划软件。 2-Plan Team 1.0.4版本存在代码问题漏洞,该漏洞源于managefile.php中的userfile1参数存在任意文件上传,可能导致上传并执行PHP文件,实现远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A