Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation
Vulnerability Description
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and rename actions in the application.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Zomplog 安全漏洞
Vulnerability Description
Zomplog是Zomplog开源的一个Web日志系统。 Zomplog 3.9版本存在安全漏洞,该漏洞源于允许经过身份验证的攻击者通过文件操作端点注入和执行任意PHP代码,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A