Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HorizontCMS 代码问题漏洞
Vulnerability Description
HorizontCMS是个人开发者的一个客户关系管理 Web 平台。 HorizontCMS 1.0.0-beta及之前版本存在代码问题漏洞,该漏洞 允许经过身份验证的远程攻击者通过上传PHP有效负载来执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A