Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Invision Community Security Vulnerability
Vulnerability Description
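Invision Community is software from the US company Invision for designing and developing mobile application UIs. Invision Community 4.7.16 and earlier contain a security vulnerability that stems from a failure to properly validate file content when handling uploaded ZIP files, leaving the software open to remote code execution attacks.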
CVSS Information
N/A
Vulnerability Type
N/A