Design/Logic Flaw

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to a file-upload flaw where the upload file type is controllable in the CMS background, enabling an attacker to modify the file type and potentially obtain a webshell. Root cause: incomplete verification of uploaded file types. Impact: webshell capability is implie...

VulnCheck KEV: CVE-2018-1000136

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...

Joomla OpenSEF Component mosConfig_absolute_path远程文件包含漏洞

Joomla OpenSEF是一款基于PHP的WEB应用程序。 Joomla OpenSEF不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'sef.php'脚本对用户提交的'mosConfigabsolutepath'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 OpenSEF Project OpenSEF 2.0-beta3 OpenSEF Project OpenSEF 2.0 RC5 SP2 OpenSEF Project OpenSEF 2.0 RC5 SP1 OpenSEF Proje...