CNNVD-202512-3226 Information

CNNVD ID

CNNVD-202512-3226

Related CVE

CVE-2023-53924

• CNNVD Published: 2025-12-17

Description (Chinese)

UliCMS是UliCMS开源的一个内容管理系统（CMS）。该系统支持访问控制和所见即所得编辑等功能。 UliCMS 2023.1-sniffing-vicuna版本存在代码问题漏洞，该漏洞源于经过身份验证的攻击者可在个人资料头像上传时上传.phar扩展名的PHP文件，可能导致远程代码执行。

Description (English)

UlICMS is a UliCMS open source content management system (CMS). The system supports features such as access control and the resulting editing. The UliCMS 2023.1-sniffing-vicuna version has a code gap, which stems from the fact that a PHP file with a .phar extension can be uploaded by an identified assailant during the uploading of the personal data header, which may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

代码问题

Affected Vendor

UliCMS

Published

2025-12-17

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/51434 https://www.vulncheck.com/advisories/ulicms-sniffing-vicuna-remote-code-execution-via-avatar-upload https://en.ulicms.de/ https://web.archive.org/web/20230314183734/ https://access.redhat.com/security/cve/cve-2023-53924