Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
BuilderEngine 3.5.0 RCE via Unauthenticated Arbitrary File Upload
Vulnerability Description
An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to upload a malicious .php file and subsequently execute arbitrary PHP code on the server under the context of the web server process. While the root vulnerability lies within the jQuery File Upload component, BuilderEngine’s improper integration and lack of access controls expose this functionality to unauthenticated users, resulting in full remote code execution.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
BuilderEngine 安全漏洞
Vulnerability Description
BuilderEngine是BuilderEngine公司的一款网络构建工具。 BuilderEngine 3.5.0版本存在安全漏洞,该漏洞源于elFinder 2.0文件管理器中的文件上传问题,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A