漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Connect-CMS has Arbitrary Code Execution by an Authenticated User in its Code Study Plugin
Vulnerability Description
Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to execute arbitrary code in the Code Study Plugin. Versions 1.41.1 and 2.41.1 contain a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
OpenSource-WorkShop Connect-CMS 代码注入漏洞
Vulnerability Description
OpenSource-WorkShop Connect-CMS是日本OpenSource-WorkShop公司的一个用于轻松创建网站的内容管理系统。 OpenSource-WorkShop Connect-CMS 1.41.0及之前版本和2.41.0及之前版本存在代码注入漏洞,该漏洞源于Code Study Plugin存在代码执行问题,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A