PT-2021-11755 · 74Cms+1 · 74Cms+1

Bigtiger2020

Published

2021-02-17

Updated

2021-07-21

CVE-2020-35339

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: 74cms version 5.0.1

Description: The issue is a remote code execution vulnerability located in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php. This allows attackers to obtain server permissions and control the server.

Recommendations: For 74cms version 5.0.1, consider disabling access to the vulnerable files /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php until a patch is available. Restrict access to these files to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-35339

Affected Products

74Cms

Thinkphp

PT-2021-11755 · 74Cms+1 · 74Cms+1

CVE-2020-35339

Weakness Enumeration

Related Identifiers

Affected Products

References · 5