CVE-2021-36547

A remote code execution RCE vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file...

CVE-2021-36547

Summary: Mara CMS v7.5 contains a remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew. The root cause is alleged improper input filtering in the file upload logic, enabling an attacker to upload a crafted PHP file that can execute arbitrary commands. This iss...

Mara CMS 代码问题漏洞

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

PT-2020-15905 · Mara · Mara Cms

Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: An issue exists that allows arbitrary file upload. To exploit this, an attacker needs a valid authenticated session and must make a "codebase/dir.php?type=filenew" request to upload PHP code to...