woider/ArticleCMS

woider/ArticleCMS

Releases0

Stars79

基于 Bootstrap 3.2 和 ThinkPHP 5.0 搭建的响应式资讯网站，侧重于后台用户和文章的管理。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-20092 ↗	May 13, 2021Thursday, 13 May 2021, 15:15	9.8 CRITICAL	7.5 HIGH
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
CVE-2020-28063 ↗	May 13, 2021Thursday, 13 May 2021, 15:15	9.8 CRITICAL	7.5 HIGH
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.
CVE-2018-19469 ↗	Nov 23, 2018Friday, 23 November 2018, 05:29	—	4.3 MEDIUM
ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter.
CVE-2018-12339 ↗	Jun 13, 2018Wednesday, 13 June 2018, 19:29	—	3.5 LOW
ArticleCMS through 2017-02-19 has XSS via an "add an article" action.