Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
rConfig 代码问题漏洞
Vulnerability Description
rConfig是一款开源的网络配置管理实用程序。 rConfig 3.9.4版本中的vendor.crud.php文件存在安全漏洞,该漏洞源于文件上传功能未进行正确验证。攻击者可通过向vendor.php文件上传包含任意PHP代码的.php文件并将‘content-type’字段更改为image/gif利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A