Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution Through Image Uploads in BookStack
Vulnerability Description
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
BookStack 代码问题漏洞
Vulnerability Description
BookStack是一套开源的使用PHP和Laravel构建wiki文档的平台。 BookStack 0.25.5之前版本中存在代码问题漏洞。攻击者可通过图像上传功能上传PHP文件利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A