Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XpressEngine file upload vulnerability
Vulnerability Description
When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
XpressEngine 代码问题漏洞
Vulnerability Description
XpressEngine是一个 CMS(内容管理系统),任何人都可以轻松、方便、自由地发布内容。 XpressEngine 3.0.14之前版本存在安全漏洞,该漏洞源于存在文件校验不充分,存在任意文件上传漏洞,攻击者利用该漏洞可以在运行公告板的服务器上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A