漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
CMS Commander <= 2.287 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
Vulnerability Description
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
WordPress Plugin CMS Commander 安全特征问题漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress Plugin CMS Commander 2.287及之前版本存在安全特征问题漏洞,该漏洞源于cmsc_add_site函数上使用了不唯一的加密签名,使未经身份验证的插件攻击者可以更改插件配置中的_cmsc_public_key,从而提供对
CVSS Information
N/A
Vulnerability Type
N/A