Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PACKET TIDE ExpressionEngine 代码问题漏洞
Vulnerability Description
PACKET TIDE ExpressionEngine是美国PACKET TIDE公司的一套开源的内容管理系统(CMS)。 PACKET TIDE ExpressionEngine 5.3.2之前版本中存在安全漏洞。远程攻击者可利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A