代码拉取完成,页面将自动刷新
Here I choose the latest version downloaded from the official website,Because I found that the gitee version is not the latest version.
The official url is https://www.ecisp.cn/html/cn/download_espcms/.

login in to the manage background,and use below function

Use burpsuite ,and then modify the requests.
There we modify the IS_GETCACHE from 1 to 1,);phpinfo();/*

Then we see the below php file was modifyed by us,and we visit it


This vulnerability is similar to the previous one(#I5WSA0:[CVE-2022-44087]There is a Remote Code Execution after login Manage background:There is a Remote Code Execution after login Manage background)
There are two other places where this vulnerability exists

