| शीर्षक | Bootstrap CMS v0.9.0-alpha Bootstrap CMS |
|---|
| विवरण | Bootstrap CMS contains a critical Remote Code Execution (RCE) vulnerability. The application uses PHP's eval() function to execute user-supplied content in page bodies without any sanitization or sandbox restrictions. By default, the cms.eval configuration option is set to true, enabling this dangerous functionality.
An authenticated user with edit permission (such as an Editor role) can create or modify pages containing arbitrary PHP code. When any user visits the page, the malicious PHP code is executed on the server with the privileges of the web server process.
https://github.com/BootstrapCMS |
|---|
| स्रोत | ⚠️ https://www.yuque.com/fortune-toq55/giqwnb/ra0b34kzmqn8e0m1 |
|---|
| उपयोगकर्ता | fortuneh2c (UID 97063) |
|---|
| सबमिशन | 13/04/2026 02:18 PM (2 महीनों पहले) |
|---|
| संयम | 30/04/2026 04:58 PM (17 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 360316 [Bootstrap CMS 0.9.0-alpha Page Creation show.blade.php body अधिकार वृद्धि] |
|---|
| अंक | 20 |
|---|