Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Phar unserialization vulnerability in phpMussel
Vulnerability Description
phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution (discovered, tested, and confirmed by myself), so the risk factor should be regarded as very high. Newer phpMussel versions don't use PHP's phar wrapper, and are therefore unaffected. This has been fixed in version 1.6.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Vulnerability Type
可信数据的反序列化
Vulnerability Title
phpMussel 代码问题漏洞
Vulnerability Description
phpMussel是一套病毒检测解决方案。该产品主要用于检测上传到系统的文件中的木马、病毒、恶意软件和其他威胁等。 phpMussel 1.0.0及之后版本(1.6.0之前版本)中的phar wrapper存在代码问题漏洞。攻击者可通过上传特制的文件利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A