8 Star 10 Fork 0

轻舞飞沙 / 易思ESPCMS-P8企业建站管理系统

 / 详情

[CVE-2022-44089]There is another Remote Code Execution after login Manage background

待办的
创建于  
2022-10-20 17:01

Here I choose the latest version downloaded from the official website,Because I found that the gitee version is not the latest version.
The official url is https://www.ecisp.cn/html/cn/download_espcms/.
输入图片说明
login in to the manage background,and use below function
输入图片说明
Use burpsuite ,and then modify the requests.
There we modify the IS_GETCACHE from 1 to 1,);phpinfo();/*
输入图片说明
Then we see the below php file was modifyed by us,and we visit it
输入图片说明
输入图片说明
This vulnerability is similar to the previous one(#I5WSA0:[CVE-2022-44087]There is a Remote Code Execution after login Manage background:There is a Remote Code Execution after login Manage background)

There are two other places where this vulnerability exists
输入图片说明
输入图片说明

评论 (0)

azraelxuemo 创建了任务
azraelxuemo 修改了描述
azraelxuemo 修改了标题
展开全部操作日志

登录 后才可以发表评论

状态
负责人
里程碑
Pull Requests
关联的 Pull Requests 被合并后可能会关闭此 issue
分支
开始日期   -   截止日期
-
置顶选项
优先级
参与者(1)
PHP
1
https://gitee.com/earclink/espcms.git
git@gitee.com:earclink/espcms.git
earclink
espcms
易思ESPCMS-P8企业建站管理系统

搜索帮助