| Название | Wang Junnan DreamerCMS 4.1.3.1 Remote command execution |
|---|
| Описание | DreamerCMS versions earlier than x.x.x.x have an RCE vulnerability, which is caused by the code that detects directory traversal in the compressed package decompression function is bypassed, resulting in the writing of scheduled tasks and the execution of rebound shell commands |
|---|
| Источник | ⚠️ https://gitee.com/y1336247431/poc-public/issues/I9BA5R |
|---|
| Пользователь | passwd7 (UID 66943) |
|---|
| Представление | 25.03.2024 06:07 (2 лет назад) |
|---|
| Модерация | 04.04.2024 16:14 (10 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 259369 [Dreamer CMS до 4.1.3.0 ThemesController.java ZipUtils.unZipFiles обход каталога] |
|---|
| Баллы | 17 |
|---|