Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. This can be exploited in conjunction with a CKFinder feature that allows file upload.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
BLUE RIVER Mura CMS 安全漏洞
Vulnerability Description
BLUE RIVER Mura CMS是美国BLUE RIVER INTERACTIVE GROUP公司的一套内容管理系统。 BLUE RIVER Mura CMS 7.0.7029之前版本中存在安全漏洞,该漏洞源于程序没有正确的限制文件类型或路径名。远程攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A