Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote command execution through file upload in contao/core-bundle
Vulnerability Description
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does not execute PHP files and other scripts in the Contao file upload directory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Contao 代码问题漏洞
Vulnerability Description
Contao是Contao开源的一套采用PHP开发的开源内容管理系统(CMS)。该系统支持搜索引擎、权限管理和CSS框架等。 Contao 4.0.0及之前版本存在代码问题漏洞,该漏洞源于拥有文件管理器访问权限的后台用户可以上传恶意文件并在服务器上执行它们。
CVSS Information
N/A
Vulnerability Type
N/A