Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CMSimple 5.4 Authenticated Local File Inclusion Remote Code Execution
Vulnerability Description
CMSimple 5.4 contains an authenticated local file inclusion vulnerability that allows remote attackers to manipulate PHP session files and execute arbitrary code. Attackers can leverage the vulnerability by changing the functions file path and uploading malicious PHP code through session file upload mechanisms.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
PHP程序中Include/Require语句包含文件控制不恰当(PHP远程文件包含)
Vulnerability Title
CMSimple 安全漏洞
Vulnerability Description
CMSimple是CMSimple开源的一种自由的内容管理系统。 CMSimple 5.4版本存在安全漏洞,该漏洞源于对PHP会话文件路径操作不当,可能导致本地文件包含和任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A