Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Aimeos Core remote code execution in web server context
Vulnerability Description
Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version 2024.04.5 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
Aimeos 安全漏洞
Vulnerability Description
Aimeos是Aimeos开源的一个面向在线商店的开源电子商务框架。 Aimeos 2024.04.5 之前版本存在安全漏洞,该漏洞源于具有管理权限的用户可以上传看起来像图像但包含 PHP 代码的文件,这些文件可以在 Web 服务器的环境中执行。
CVSS Information
N/A
Vulnerability Type
N/A