Gửi #525101: WonderCMS 3.5.9 remote code executionthông tin

tiêu đềWonderCMS 3.5.9 remote code execution
Mô tảA remote code execution (RCE) vulnerability present in WonderCMS version 3.5.0, specifically within the theme and plugin installation/update functionalities. The vulnerability arises from inadequate validation of ZIP file contents downloaded from user-provided URLs, allowing attackers to execute arbitrary code on the server by uploading malicious ZIP files containing PHP web shells.
Nguồn⚠️ https://github.com/WonderCMS/wondercms/issues/330
Người dùng
 cc1110 (UID 83128)
Đệ trình22/03/2025 14:43 (cách đây 1 Năm)
Kiểm duyệt02/04/2025 16:02 (11 days later)
Trạng tháiđược chấp nhận
Mục VulDB303014 [WonderCMS 3.5.0 Theme Installation/Plugin Installation installUpdateModuleAction nâng cao đặc quyền]
điểm19

Do you know our Splunk app?

Download it now for free!