Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Concrete5 through 8.5.5 deserializes Untrusted Data. The vulnerable code is located within the controllers/single_page/dashboard/system/environment/logging.php Logging::update_logging() method. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Portlandlabs Concrete5 代码问题漏洞
Vulnerability Description
Portlandlabs Concrete5是美国PortlandLabs(Portlandlabs)公司的一套开源内容管理系统(CMS)。 Portlandlabs concrete5 存在代码问题漏洞,该漏洞源于输入验证不安全。远程特权用户可以将专门设计的数据传递给应用程序,并在目标系统上执行任意PHP代码。以下产品和版本的影响:concrete5:8.0,8.0.1,8.0.2,8.0.3,8.1.0,8.2.0, 8.2.1,8.3.0,8.3.1,8.3.2,8.4.0,8.4.1,8.4.2,
CVSS Information
N/A
Vulnerability Type
N/A