baigoStudio / baigoCMS

Website content management system
http://www.baigo.net/cms/
Apache License 2.0
98 stars 36 forks

There is an Arbitrary Content Injection vulnerability leading to Code Execution #8

Open MRdoulestar opened 5 years ago

MRdoulestar commented 5 years ago

Vulnerability description

There is a vulnerability which allows remote attackers to execute arbitrary code. The 'BG_SITE_NAME' parameter, which includes malicious code, can be written into 'opt_base.inc.php'.

PoC

');eval('phpinfo();

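The bug class the report describes, as an added example that is not baigoCMS's own code: a site setting is spliced into a PHP source file that the application later include()s. The writer template `define('BG_SITE_NAME', '...')`, the function names and the tokenizer check are assumptions reconstructed from the PoC above, not the project's actual implementation; only the payload string is taken from the issue.

```php
<?php
// Added example, not baigoCMS code. Reconstructs the class of bug from the PoC:
// a settings value is written into a PHP file that is later include()d.

// Constructed sample input: the PoC payload from the issue.
$pocValue = "');eval('phpinfo();";

// VULNERABLE (assumed writer pattern, not the project's code): the value is
// concatenated into a single-quoted literal with no escaping, so a quote in the
// input terminates the literal and everything after it becomes PHP code.
function buildConfigVulnerable(string $siteName): string
{
    return "<?php\ndefine('BG_SITE_NAME', '" . $siteName . "');\n";
}

// HARDENED: var_export() emits a valid PHP string literal for any input,
// escaping quotes and backslashes, so the value can never close the literal.
function buildConfigSafe(string $siteName): string
{
    return "<?php\ndefine('BG_SITE_NAME', " . var_export($siteName, true) . ");\n";
}

// Alternative hardening: do not store settings as executable code at all.
// A JSON file read back with json_decode() is data and is never interpreted.
function buildConfigJson(string $siteName): string
{
    return json_encode(['BG_SITE_NAME' => $siteName],
        JSON_UNESCAPED_UNICODE | JSON_PRETTY_PRINT) . "\n";
}

// Check: run the generated file through PHP's tokenizer and count top-level
// statements. Semicolons inside string literals are part of a single
// T_CONSTANT_ENCAPSED_STRING token and are not counted, so a file holding one
// define() yields 1; the injected eval() shows up as a second statement.
function countTopLevelStatements(string $source): int
{
    $count = 0;
    foreach (token_get_all($source) as $tok) {
        if ($tok === ';') {
            $count++;
        }
    }
    return $count;
}

// Demo: the same payload through both writers.
foreach (['vulnerable' => buildConfigVulnerable($pocValue),
          'safe'       => buildConfigSafe($pocValue)] as $label => $src) {
    printf("%s: %d statement(s)\n%s\n", $label, countTopLevelStatements($src), $src);
}

// Round-trip the hardened file through include() to show the value survives
// intact as data. (The vulnerable file is deliberately never included here,
// since doing so would execute the injected phpinfo() call.)
$tmp = tempnam(sys_get_temp_dir(), 'cfg');
file_put_contents($tmp, buildConfigSafe($pocValue));
include $tmp;
unlink($tmp);
var_dump(BG_SITE_NAME === $pocValue);
```

The tokenizer check is a useful regression test for any settings writer of this shape: generate the file from a quote-bearing input and assert it still parses to exactly one statement. Moving settings to JSON removes the problem entirely, because a data file cannot become code no matter what the administrator form submits.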