Vulnerability Information
Vulnerability Title
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
Vulnerability Description
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltration. Although the vulnerability is exploitable only by authenticated users in a configuration with ALLOW_ADMIN_CHANGES=true, it still poses a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
Improper neutralization of special elements in output (injection)
Vulnerability Title
CraftCMS injection vulnerability
Vulnerability Description
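CraftCMS is a content management system from the company CraftCMS. CraftCMS contains an injection vulnerability that stems from the fact that bypassing the validatePath function can lead to potential remote code execution. An attacker who exploits this vulnerability may gain malicious control of vulnerable systems and cause data leakage.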
CVSS Information
N/A
Vulnerability Type
N/A