| Titel | Beijing Seven Bears Technology Co., Ltd. wenkucms V3.4 OS Command Injection |
|---|
| Beschreibung | Seven bears is a library CMS system similar to Baidu Library, which can realize document sharing and sales. The CMS does not check the $path parameter in the createpathone method of app/common/common.php. It is directly passed into the system function. After entering the background, the attacker can modify the malicious path and execute arbitrary commands by indirectly triggering |
|---|
| Quelle | ⚠️ https://github.com/electroN1chahaha/wenkucms-RCE/issues/1 |
|---|
| Benutzer | electroN1c (UID 85481) |
|---|
| Einreichung | 17.09.2025 06:33 (vor 7 Monaten) |
|---|
| Moderieren | 28.09.2025 20:34 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 326215 [mirweiye wenkucms bis 3.4 app/common/common.php createPathOne erweiterte Rechte] |
|---|
| Punkte | 20 |
|---|