| Titel | Ctcms https://www.ctcms.cn/ 2.1.2 CommandExecutionVulnerability |
|---|
| Beschreibung | A vulnerability exists in the file ctcms/apps/controllers/admin/Upsys.php where any compressed package can be downloaded and then automatically decompressed. By constructing a one-liner webshell in the compressed package, you can download it and then execute a getshell. |
|---|
| Quelle | ⚠️ https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL |
|---|
| Benutzer | angelkat (UID 64410) |
|---|
| Einreichung | 26.02.2024 04:44 (vor 2 Jahren) |
|---|
| Moderieren | 27.02.2024 08:43 (1 day later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 254860 [Ctcms 2.1.2 Upsys.php erweiterte Rechte] |
|---|
| Punkte | 17 |
|---|