Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Naviwebs Navigate CMS 代码问题漏洞
Vulnerability Description
Naviwebs Navigate CMS是美国Naviwebs公司的一套开源的内容管理系统(CMS)。 Naviwebs Navigate CMS 2.9版本中的install_from_hash功能存在安全漏洞,该漏洞源于在检查包含PHP代码的ZIP文件时,lib/packages/extensions/extension.class.php和lib/packages/themes/theme.class.php中的‘check_upload’函数没有考虑.phtml扩展名。目前尚无此漏洞的相关信息,
CVSS Information
N/A
Vulnerability Type
N/A