| Title | Wang Junnan DreamerCMS 4.1.3.1 Remote command execution |
|---|
| Description | DreamerCMS versions earlier than x.x.x.x have an RCE vulnerability, which is caused by the code that detects directory traversal in the compressed package decompression function is bypassed, resulting in the writing of scheduled tasks and the execution of rebound shell commands |
|---|
| Source | ⚠️ https://gitee.com/y1336247431/poc-public/issues/I9BA5R |
|---|
| User | passwd7 (UID 66943) |
|---|
| Submission | 03/25/2024 06:07 (2 years ago) |
|---|
| Moderation | 04/04/2024 16:14 (10 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 259369 [Dreamer CMS up to 4.1.3.0 ThemesController.java ZipUtils.unZipFiles path traversal] |
|---|
| Points | 17 |
|---|