| Title | Beijing Seven Bears Technology Co., Ltd. wenkucms V3.4 OS Command Injection |
|---|
| Description | Seven bears is a library CMS system similar to Baidu Library, which can realize document sharing and sales. The CMS does not check the $path parameter in the createpathone method of app/common/common.php. It is directly passed into the system function. After entering the background, the attacker can modify the malicious path and execute arbitrary commands by indirectly triggering |
|---|
| Source | ⚠️ https://github.com/electroN1chahaha/wenkucms-RCE/issues/1 |
|---|
| User | electroN1c (UID 85481) |
|---|
| Submission | 09/17/2025 06:33 (7 months ago) |
|---|
| Moderation | 09/28/2025 20:34 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 326215 [mirweiye wenkucms up to 3.4 app/common/common.php createPathOne os command injection] |
|---|
| Points | 20 |
|---|