जमा करें #525101: WonderCMS 3.5.9 remote code executionजानकारी

शीर्षकWonderCMS 3.5.9 remote code execution
विवरणA remote code execution (RCE) vulnerability present in WonderCMS version 3.5.0, specifically within the theme and plugin installation/update functionalities. The vulnerability arises from inadequate validation of ZIP file contents downloaded from user-provided URLs, allowing attackers to execute arbitrary code on the server by uploading malicious ZIP files containing PHP web shells.
स्रोत⚠️ https://github.com/WonderCMS/wondercms/issues/330
उपयोगकर्ता
 cc1110 (UID 83128)
सबमिशन22/03/2025 02:43 PM (1 वर्ष पहले)
संयम02/04/2025 04:02 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि303014 [WonderCMS 3.5.0 Theme Installation/Plugin Installation installUpdateModuleAction अधिकार वृद्धि]
अंक19

Do you want to use VulDB in your project?

Use the official API to access entries easily!