| शीर्षक | WonderCMS 3.5.9 remote code execution |
|---|
| विवरण | A remote code execution (RCE) vulnerability present in WonderCMS version 3.5.0, specifically within the theme and plugin installation/update functionalities. The vulnerability arises from inadequate validation of ZIP file contents downloaded from user-provided URLs, allowing attackers to execute arbitrary code on the server by uploading malicious ZIP files containing PHP web shells. |
|---|
| स्रोत | ⚠️ https://github.com/WonderCMS/wondercms/issues/330 |
|---|
| उपयोगकर्ता | cc1110 (UID 83128) |
|---|
| सबमिशन | 22/03/2025 02:43 PM (1 वर्ष पहले) |
|---|
| संयम | 02/04/2025 04:02 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 303014 [WonderCMS 3.5.0 Theme Installation/Plugin Installation installUpdateModuleAction अधिकार वृद्धि] |
|---|
| अंक | 19 |
|---|