| 제목 | DefaultFuction CMS V1.0.0 Command Injection |
|---|
| 설명 | A Command Injection vulnerability was identified in the Content Management System. The issue occurs when the application passes user-supplied input to system shell commands (such as ping, nslookup, or traceroute) without proper validation, sanitization, or escaping. An attacker can inject arbitrary operating system commands by appending command separators or operators to the legitimate input parameter, causing the server to execute malicious commands with the privileges of the web application.
|
|---|
| 원천 | ⚠️ https://github.com/DefaultFuction/Content-Management-System/issues/1 |
|---|
| 사용자 | Practice (UID 95611) |
|---|
| 제출 | 2026. 03. 16. PM 02:42 (21 날 ago) |
|---|
| 모더레이션 | 2026. 04. 01. PM 04:02 (16 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 354667 [DefaultFuction Content-Management-System 1.0 /admin/tools.php host 권한 상승] |
|---|
| 포인트들 | 20 |
|---|