Vulnerability description:
There is a vulnerability which allows remote attackers to execute arbitrary code. The user can control the value of the field 'condition' of the database table 'vae_admin_rule', which is used for the parameters of the code execution function in the administrator privilege check module.
Payload:
123);system("echo ".base64_decode("Ijw/cGhwIHBocGluZm8oKTsi").">yunsle.php"
POC:
Firstly, we put the payload into the place as follows:

Then we create a new role group, which has limited privileges:

And we create a user that belongs to this role group:

We log in as 'test', and it's obvious that user 'test' has no privilege to access any page:

But the payload has been executed when the system checked the privileges:
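
One way to close this class of bug is to stop passing the stored 'condition' value to a code execution function and to evaluate it with a strict allow-list grammar instead. The following is an added example, not part of the original report and not code from the project; the `{field} op value` condition syntax and the names `CMP`, `compareOne` and `checkCondition` are assumptions made for illustration.

```php
<?php
// Added example. Assumption: a rule condition is a chain of comparisons such
// as "{score} > 5 and {level} == 2", where {name} is a user attribute.
const CMP = '\{(\w+)\}\s*(==|!=|<=|>=|<|>)\s*(-?\d+|\'[\w.@-]*\')';

// Evaluate one comparison that has already passed the grammar check.
function compareOne(string $term, array $user): bool
{
    preg_match('/^\s*' . CMP . '\s*$/', $term, $m);
    [, $field, $op, $raw] = $m;
    if (!array_key_exists($field, $user)) { return false; } // unknown attribute: deny
    $isString = $raw[0] === "'";
    $left  = $isString ? (string) $user[$field] : (int) $user[$field];
    $right = $isString ? substr($raw, 1, -1) : (int) $raw;
    switch ($op) {
        case '==': return $left === $right;
        case '!=': return $left !== $right;
        case '<':  return $left <  $right;
        case '<=': return $left <= $right;
        case '>':  return $left >  $right;
        default:   return $left >= $right; // '>='
    }
}

// Returns the rule result; throws if the stored condition is not in the grammar.
function checkCondition(string $condition, array $user): bool
{
    $grammar = '/^\s*' . CMP . '(\s+(and|or)\s+' . CMP . ')*\s*$/i';
    if (preg_match($grammar, $condition) !== 1) {
        throw new InvalidArgumentException('rule condition rejected');
    }
    // "and" binds tighter than "or"; literals cannot contain whitespace,
    // so splitting on the keywords cannot cut through a value.
    foreach (preg_split('/\s+or\s+/i', $condition) as $orTerm) {
        $all = true;
        foreach (preg_split('/\s+and\s+/i', $orTerm) as $term) {
            $all = $all && compareOne($term, $user);
        }
        if ($all) { return true; }
    }
    return false;
}

// Constructed sample data: one valid rule, one string shaped like the payload above.
$user = ['score' => 7, 'level' => 2];
var_dump(checkCondition('{score} > 5 and {level} == 2', $user));
try {
    checkCondition('123);system("echo test"', $user);
} catch (InvalidArgumentException $e) {
    echo "rejected: nothing was executed\n";
}
```

Applying the same grammar check when a rule is saved keeps a malformed condition from ever reaching the table.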
