You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a vulnerability which allows remote attackers to execute arbitrary code. The user can control the value of the field 'condition' of the database table 'vae_admin_rule', which is used for the parameters of the code execution function in the administrator privilege check module.
Vulnerability description:
There is a vulnerability which allows remote attackers to execute arbitrary code. The user can control the value of the field 'condition' of the database table 'vae_admin_rule', which is used for the parameters of the code execution function in the administrator privilege check module.
Payload:
123);system("echo ".base64_decode("Ijw/cGhwIHBocGluZm8oKTsi").">yunsle.php"
POC:
Firstly, we put the payload into the place as follows:
Then we create a new role group, which has limited privileges:
And we create a user that belongs to this role group:
We login as 'test', and it's obvious that user 'test' has no privilege to access any page:
But the payload has been executed when the system checked the privileges:
The text was updated successfully, but these errors were encountered: