Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Shopwind Installation DefaultController.php actionCreate code injection
Vulnerability Description
A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
ShopWind 安全漏洞
Vulnerability Description
ShopWind是中国ShopWind公司的一款基于 Yii2.0 框架深度重构的 B2B2C、O2O 行业的电商系统软件。可以轻松创建和发布属于自己品牌的专业的电商平台,进行全方位的品牌宣传和产品推广。 ShopWind 4.6及之前版本存在安全漏洞,该漏洞源于文件/public/install/controllers/DefaultController.php的函数actionCreate存在代码注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A