Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CMSimple 5.15 Remote Command Execution via Extensions Configuration
Vulnerability Description
CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensions_userfiles and upload a shell script to the media directory to execute arbitrary code on the server.
CVSS Information
N/A
Vulnerability Type
将文件描述符暴露给不受控制的范围(文件描述符泄露)
Vulnerability Title
CMSimple 安全漏洞
Vulnerability Description
CMSimple是CMSimple开源的一种自由的内容管理系统。 CMSimple 5.15版本存在安全漏洞,该漏洞源于认证用户可修改文件扩展名并上传恶意PHP文件,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A