漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Xibo CMS: Remote Code Execution through module templates
Vulnerability Description
Xibo is an open source digital signage platform with a web content management system (CMS). Versions 4.3.0 and below contain a Remote Code Execution vulnerability in the CMS Developer menu's Module Templating functionality, allowing authenticated users with "System -> Add/Edit custom modules and templates" permissions to manipulate Twig filters and execute arbitrary server-side functions as the web server user. This issue is fixed in version 4.3.1. To workaround this issue, use the 4.1 and 4.2 patch commits.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Xibo CMS 安全漏洞
Vulnerability Description
Xibo CMS是Xibo Digital Signage开源的一个内容管理系统。 Xibo CMS 4.3.0及之前版本存在安全漏洞,该漏洞源于CMS开发者菜单中的模块模板功能存在Twig过滤器操作不当,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A