Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload
Vulnerability Description
A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
74CMS 安全漏洞
Vulnerability Description
迅易科技 74cms是中国迅易科技公司的一套基于PHP和MySQL的在线招聘系统。 74CMS 3.28.0版本存在安全漏洞,该漏洞源于文件/controller/company/Index.php的函数sendCompanyLogo的参数imgBase64存在文件上传漏洞。
CVSS Information
N/A
Vulnerability Type
N/A