Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template editor. By manipulating the parameter, attackers can perform directory traversal and access sensitive files outside the intended template directory, potentially exposing system configuration, PHP source code, or other sensitive information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
QCMS 安全漏洞
Vulnerability Description
茸易科技 QCMS是中国茸易科技公司的一套用于创建响应式网站的开源内容管理系统(CMS)。 QCMS 6.0.5版本存在安全漏洞,该漏洞源于后端模板编辑器中Name参数验证不足,可能导致目录遍历和任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A