This repository has been archived by the owner on Jan 5, 2023. It is now read-only.
Describe the bug
Code execution vulnerabilities in the background
To Reproduce
Steps to reproduce the behavior:
1. Log in to the background
2. Go to /acp/acp.php?tn=pages&sub=new#position
3. Click info and enter the malicious PHP code in the Permalink parameter to jump out of the structure to execute the malicious code
4. Click save
5. /content/cache/active_urls.php and /content/cache/cache_lastedit.php files will be inserted with malicious code
6. Visit the homepage and you will see that the malicious code we inserted was successfully executed and returned the result
Screenshots
Click Save New Page
/content/cache/active_urls.php and /content/cache/cache_lastedit.php files will be inserted with malicious code
Desktop (please complete the following information):
OS: MacOS
Browser: All
Version: Last version
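A hardened way to write such a cache file, as an added example that is not part of the original report and not the project's own code. It assumes the cache files are PHP source built from stored permalinks, as the report's "jump out of the structure" wording suggests; the function names, the permalink allow-list and the temp-file path are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the CMS's real cache-writing code is not shown in the report.

/** Allow only the characters a URL path needs (assumed policy). */
function is_valid_permalink(string $permalink): bool
{
    return preg_match('~^[a-z0-9][a-z0-9/_-]{0,199}$~i', $permalink) === 1;
}

/**
 * Build the cache file body. var_export() emits a PHP literal with quotes
 * and backslashes escaped, so a stored value stays data and cannot close
 * the string and continue as code.
 */
function render_url_cache(array $permalinks): string
{
    $clean = array_values(array_filter($permalinks, 'is_valid_permalink'));
    return "<?php\nreturn " . var_export($clean, true) . ";\n";
}

/** Write to a temp file and rename, so a partial file is never included. */
function write_url_cache(string $path, array $permalinks): void
{
    $tmp = $path . '.' . bin2hex(random_bytes(4)) . '.tmp';
    if (file_put_contents($tmp, render_url_cache($permalinks), LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    if (!rename($tmp, $path)) {
        throw new RuntimeException("cannot replace $path");
    }
}

// Constructed sample input: two ordinary permalinks and one containing a quote.
$input = ['about/team', "about'us", 'news/2022'];
$path  = sys_get_temp_dir() . '/active_urls_example.php';
write_url_cache($path, $input);

// The entry with the quote is rejected by validation before it reaches the file.
$loaded = include $path;
var_dump($loaded === ['about/team', 'news/2022']);

// Second layer: even an unvalidated value is emitted as an escaped string literal.
echo var_export(["about'us"], true), "\n";
unlink($path);
```

Validation should also run when the page is saved, so the rejected value is never stored; storing the cache as JSON and reading it with `json_decode()` removes the executable file entirely.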