| Title | Ctcms https://www.ctcms.cn/ 2.1.2 CommandExecutionVulnerability |
|---|
| Description | A vulnerability exists in the file ctcms/apps/controllers/admin/Upsys.php where any compressed package can be downloaded and then automatically decompressed. By constructing a one-liner webshell in the compressed package, you can download it and then execute a getshell. |
|---|
| Source | ⚠️ https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL |
|---|
| User | angelkat (UID 64410) |
|---|
| Submission | 02/26/2024 04:44 (2 years ago) |
|---|
| Moderation | 02/27/2024 08:43 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 254860 [Ctcms 2.1.2 Upsys.php unrestricted upload] |
|---|
| Points | 17 |
|---|