| Title | gitee XunruiCms v4.6.3 Deserialization and code excute |
|---|
| Description | There is a deserialization vulnerability in the latest version of Xunrui CMS gitee release, which can execute code and construct POP chains according to the purpose of exploitation, such as RCE chains, execute system commands. A malicious attacker is able to gain privileges on the server. |
|---|
| Source | ⚠️ https://github.com/stevenchen0x01/CVE2/blob/main/cve2.md |
|---|
| User | Steven_Dra3w (UID 76559) |
|---|
| Submission | 02/05/2025 12:57 (1 Year ago) |
|---|
| Moderation | 02/10/2025 11:22 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 295080 [dayrui XunRuiCMS 4.6.3 Linkage.php import_add deserialization] |
|---|
| Points | 17 |
|---|