baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

危险类型文件的不加限制上传

baserCMS 安全漏洞

baserCMS是baserCMS团队的一套企业级内容管理系统（CMS）。 baserCMS 5.2.3之前版本存在安全漏洞，该漏洞源于应用程序的还原功能允许用户上传zip文件并自动解压，且未验证或限制文件名，可能导致攻击者通过特制PHP文件实现任意代码执行。

N/A

N/A