| عنوان | Wang Junnan DreamerCMS 4.1.3.1 Remote command execution |
|---|
| الوصف | DreamerCMS versions earlier than x.x.x.x have an RCE vulnerability, which is caused by the code that detects directory traversal in the compressed package decompression function is bypassed, resulting in the writing of scheduled tasks and the execution of rebound shell commands |
|---|
| المصدر | ⚠️ https://gitee.com/y1336247431/poc-public/issues/I9BA5R |
|---|
| المستخدم | passwd7 (UID 66943) |
|---|
| ارسال | 25/03/2024 06:07 AM (2 سنوات منذ) |
|---|
| الاعتدال | 04/04/2024 04:14 PM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 259369 [Dreamer CMS حتى 4.1.3.0 ThemesController.java ZipUtils.unZipFiles اجتياز الدليل] |
|---|
| النقاط | 17 |
|---|