| Title | WonderCMS 3.5.9 remote code execution |
|---|---|
| Description | A remote code execution (RCE) vulnerability is present in WonderCMS version 3.5.0, specifically within the theme and plugin installation/update functionalities. The vulnerability arises from inadequate validation of ZIP file contents downloaded from user-provided URLs, allowing attackers to execute arbitrary code on the server by uploading malicious ZIP files containing PHP web shells. |
| Source | ⚠️ https://github.com/WonderCMS/wondercms/issues/330 |
| User | cc1110 (UID 83128) |
| Submission | 03/22/2025 14:43 (1 Year ago) |
| Moderation | 04/02/2025 16:02 (11 days later) |
| Status | Accepted |
| VulDB entry | 303014 [WonderCMS 3.5.0 Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload] |
| Points | 19 |