N/A

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as follows: PowerCMS 6.021 and earlier (PowerCMS 6 Series), PowerCMS 5.21 and earlier (PowerCMS 5 Series), and PowerCMS 4.51 and earlier (PowerCMS 4 Series). Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.

N/A

N/A

Alfasado PowerCMS 操作系统命令注入漏洞

Alfasado PowerCMS是日本Alfasado公司的一套内容管理系统（CMS）。 Alfasado PowerCMS XMLRPC API 存在操作系统命令注入漏洞，该漏洞源于包含命令注入漏洞，通过POST方法发送特制消息可能允许执行任意Perl脚本，并可能通过它执行任意OS命令。如果漏洞被利用，它无法执行在其参数中添加任意值的命令。

N/A

N/A