| Titel | Wang Junnan DreamerCMS 4.1.3.1 Remote command execution |
|---|
| Beschreibung | DreamerCMS versions earlier than x.x.x.x have an RCE vulnerability, which is caused by the code that detects directory traversal in the compressed package decompression function is bypassed, resulting in the writing of scheduled tasks and the execution of rebound shell commands |
|---|
| Quelle | ⚠️ https://gitee.com/y1336247431/poc-public/issues/I9BA5R |
|---|
| Benutzer | passwd7 (UID 66943) |
|---|
| Einreichung | 25.03.2024 06:07 (vor 2 Jahren) |
|---|
| Moderieren | 04.04.2024 16:14 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 259369 [Dreamer CMS bis 4.1.3.0 ThemesController.java ZipUtils.unZipFiles Directory Traversal] |
|---|
| Punkte | 17 |
|---|