Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ovidentia 代码问题漏洞
Vulnerability Description
Ovidentia是法国Cantico团队的一套基于PHP和MySQL的开源内容管理系统和协作平台,它可用于发布和管理项目、出版和文章管理、日程共享等。 Ovidentia 8.3版本存在安全漏洞,该漏洞源于文件上传功能不会阻止可执行文件的上传,用户可以上传包含PHP代码的.png文件,然后访问该文件以执行远程代码。
CVSS Information
N/A
Vulnerability Type
N/A