Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Cross Site Request Forgery (CSRF) vulnerability exists in Backdrop CMS 1.20, which allows Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading a maliciously add-on with crafted PHP file. NOTE: the vendor disputes this because the attack requires a session cookie of a high-privileged authenticated user who is entitled to install arbitrary add-ons
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Backdrop CMS 跨站请求伪造漏洞
Vulnerability Description
Backdrop CMS是一套开源的内容管理系统(CMS)。 Backdrop CMS 存在跨站请求伪造漏洞,该漏洞源于通过上传带有精心制作的 PHP 文件的恶意加载项在托管 Web 服务器上获得远程代码执行 (RCE)。注意:供应商对此提出异议,因为攻击需要一个有权安装任意附加组件的高权限认证用户的会话 cookie。
CVSS Information
N/A
Vulnerability Type
N/A