Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. Thus, if a user can control the content of a .html file, then they can inject a payload with a malicious template directive to gain Remote Command Execution. The exploit will work only with the .html extension.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Total.js CMS 路径遍历漏洞
Vulnerability Description
Total.js CMS是一套基于NoSQL数据库的内容管理系统(CMS)。 Total.js CMS 12.0.0版本中存在路径遍历漏洞。攻击者可利用该漏洞包含被限制目录之外的.html文件。
CVSS Information
N/A
Vulnerability Type
N/A