Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
baserCMS: unsafe File Upload Leading to Remote Code Execution (RCE)
Vulnerability Description
baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve arbitrary code execution when it is included. This issue has been patched in version 5.2.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
baserCMS 安全漏洞
Vulnerability Description
baserCMS是baserCMS团队的一套企业级内容管理系统(CMS)。 baserCMS 5.2.3之前版本存在安全漏洞,该漏洞源于应用程序的还原功能允许用户上传zip文件并自动解压,且未验证或限制文件名,可能导致攻击者通过特制PHP文件实现任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A