| عنوان | conjure Position Department Service Quality Evaluation System <=1.0.11 Command Shell in Externally Accessible Directory |
|---|
| الوصف | A hidden PHP webshell backdoor has been discovered in Position Department Service Quality Evaluation System v1.0.11 (based on FastAdmin v1.5.0.20240328), located at public/assets/less/bootstrap-less/mixins/head.php. The webshell allows remote attackers to execute arbitrary PHP code on the server by sending specially crafted, encrypted POST requests. The malicious code uses XOR encryption and session persistence to evade detection and maintain access, granting full control over the affected system. This poses a critical security risk, enabling unauthorized access, data theft, and potential further compromise of business assets. Immediate removal of the malicious file and thorough security review are strongly recommended.
|
|---|
| المصدر | ⚠️ https://note-hxlab.wetolink.com/share/LZJIef0phS6B |
|---|
| المستخدم | YELEIPENG (UID 73615) |
|---|
| ارسال | 24/06/2025 10:18 AM (12 أشهر منذ) |
|---|
| الاعتدال | 27/06/2025 08:38 PM (3 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 314282 [Conjure Position Department Service Quality Evaluation System head.php eval تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|