| 제목 | Wang Junnan DreamerCMS 4.1.3.1 Remote command execution |
|---|
| 설명 | DreamerCMS versions earlier than x.x.x.x have an RCE vulnerability, which is caused by the code that detects directory traversal in the compressed package decompression function is bypassed, resulting in the writing of scheduled tasks and the execution of rebound shell commands |
|---|
| 원천 | ⚠️ https://gitee.com/y1336247431/poc-public/issues/I9BA5R |
|---|
| 사용자 | passwd7 (UID 66943) |
|---|
| 제출 | 2024. 03. 25. AM 06:07 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 04. 04. PM 04:14 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 259369 [Dreamer CMS 까지 4.1.3.0 ThemesController.java ZipUtils.unZipFiles 디렉토리 순회] |
|---|
| 포인트들 | 17 |
|---|