Enviar #636628: mtons https://gitee.com/mtons/mblog <=3.5.0 Server-Side Template Injectioninformación

Títulomtons https://gitee.com/mtons/mblog <=3.5.0 Server-Side Template Injection
DescripciónThe /admin/theme/index endpoint in the admin panel supports uploading custom themes. When malicious code is inserted into a custom theme and uploaded/enabled, accessing the corresponding page can execute arbitrary system commands via SSTI.
Fuente⚠️ https://gitee.com/mtons/mblog/issues/ICPMUS
Usuario
 ZAST.AI (UID 87884)
Sumisión2025-08-18 04:35 (hace 8 meses)
Moderación2025-08-29 08:05 (11 days later)
EstadoDuplicado
Entrada de VulDB258571 [Mblog Blog System 3.5.0 Theme Management escalada de privilegios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!