Flute CMS Notification ContentParser.php replaceContent code injection

A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been rated as critical. This issue affects the function replaceContent of the file app/Core/Support/ContentParser.php of the component Notification Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272069 was assigned to this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

对生成代码的控制不恰当(代码注入)

Flute 代码注入漏洞

Flute是Flute开源的一个适用于 CS2、CS:S、Minecraft 和其他游戏服务器的全面解决方案。 Flute 0.2.2.4-alpha 版本之前存在代码注入漏洞，该漏洞源于 Notification Handler 组件的 app/Core/Support/ContentParser.php 文件中包含代码注入。

N/A

N/A