In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server.
References
Link | Resource |
---|---|
http://www.74cms.com/download/index.html | Product Vendor Advisory |
https://github.com/BigTiger2020/74cms-rce/blob/main/README.md | Exploit Third Party Advisory |
Configurations
History
23 Feb 2021, 13:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:74cms:74cms:5.0.1:*:*:*:*:*:*:* | |
CWE | CWE-732 | |
References | (MISC) http://www.74cms.com/download/index.html - Product, Vendor Advisory | |
References | (MISC) https://github.com/BigTiger2020/74cms-rce/blob/main/README.md - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
17 Feb 2021, 16:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-17 15:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35339
Mitre link : CVE-2020-35339
CVE.ORG link : CVE-2020-35339
JSON object : View
Products Affected
74cms
- 74cms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')