Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowed_classes option, allowing an attacker to inject arbitrary PHP objects. This can lead to malicious behavior, such as Remote Code Execution (RCE), SQL Injection, Path Traversal, or Denial of Service, depending on the availability of exploitable classes in the Vfront codebase or its dependencies.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vfront 安全漏洞
Vulnerability Description
Vfront是Marcello Verona个人开发者的一个数据库管理前端工具。 Vfront 0.99.52版本存在安全漏洞,该漏洞源于对用户控制的输入进行反序列化操作时未进行验证或使用allowed_classes选项,可能导致远程代码执行、SQL注入、路径遍历或拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A