Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
taisan tarzan-cms Add Theme admin#themes upload deserialization
Vulnerability Description
A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
可信数据的反序列化
Vulnerability Title
Tarzan-CMS 安全漏洞
Vulnerability Description
Tarzan-CMS是泰山团队的一款基于 Java 技术栈的现代化开源内容管理系统(CMS)。 Tarzan-CMS 1.0.0及之前版本存在安全漏洞,该漏洞源于Add Theme Handler组件的文件/admin#themes的上传功能会导致反序列化。
CVSS Information
N/A
Vulnerability Type
N/A