Submit #495820: 四川迅睿云软件开发有限公司 迅睿CMS <=4.6.4 (2024-12-17) Remote Code Executeinfo

Title四川迅睿云软件开发有限公司 迅睿CMS <=4.6.4 (2024-12-17) Remote Code Execute
DescriptionXunRuiCMS is a PHP website content management system licensed under the MIT open-source protocol, supporting multiple core modes. XunRuiCMS v4.6.3 and earlier versions have a frontend command execution vulnerability. Remote attackers can exploit this vulnerability to gain server access, potentially leading to server compromise.
Source⚠️ https://github.com/pwysec/d6qRhl/blob/main/1.pdf
User
 p1wy (UID 75818)
Submission02/06/2025 07:27 (1 Year ago)
Moderation02/10/2025 12:15 (4 days later)
StatusAccepted
VulDB entry295090 [dayrui XunRuiCMS up to 4.6.4 /Control/Api/Api.php thumb deserialization]
Points18

Do you know our Splunk app?

Download it now for free!