Submit #54725: JreCMS template injection vulnerability

Information

Title: JreCMS template injection vulnerability
Description: The rapid development of JreCMS, dynamic addition of fields, user-defined labels, dynamic creation of database tables and CRUD data, database backup and restore, dynamic addition of sites (multi-site function), and one-click generation of template code make it easy to build your own independent website. It is also convenient for secondary development, allowing you to quickly build personalized independent websites.

Background functions include: global configuration (configuration parameters, model management); basic content (website information, company information, content columns); content management (content data, label management); extended content (message information, rotating pictures, friendship links, customized tables, customized data); official account management (WeChat menu); system management (site management, system role, system user, database management, template management, menu management).

The JreCMS background management system can add a template file and call the user-defined template file in the column introduction, so that we can edit a template file with malicious command execution and call it from other columns to achieve remote command execution. This vulnerability can be used to execute server system commands and obtain system information.

Vulnerability address: http://ip:8888/admin/template?directory=default

Code download address: https://gitee.com/heyewei/SpringBootCMS.git

Vulnerability location: after logging in to the system, the template management interface adds the basic content of the template interface, and the content column calls the user-defined template.
Source: https://github.com/Ha0Liu/cveAdd/blob/developer/JreCMS%20template%20injection%20vulnerability/JreCMS%20template%20injection%20vulnerability.md
User: muzishouchen (ID 36418)
Submission: 05.12.2022 04:12 (1 year ago)
Moderation: 05.12.2022 08:08 (4 hours later)
Status: accepted
VulDB Entry: 214790
