Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
An authenticated Remote Code Execution (RCE) vulnerability exists in Xerte through 3.9 in website_code/php/import/fileupload.php. A maliciously crafted PHP file, disguised as a language file, can be uploaded through the project interface to bypass the upload filters. Attackers can manipulate the file's destination by abusing path traversal in the 'mediapath' variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xerte Code Issue Vulnerability
Vulnerability Description
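Xerte is open-source software from The Xerte Project community in the UK, used for authoring learning objects. Xerte contains a code issue vulnerability in which a maliciously crafted PHP file, disguised as a language file, is uploaded through the project interface to bypass the upload filters. Attackers can exploit this vulnerability to manipulate the file's destination by abusing path traversal in the 'mediapath' variable.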
CVSS Information
N/A
Vulnerability Type
N/A