|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-08-31 | |
| Rule Name: | ECShop 2.x/3.x Remote Code Execution Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The template variable of the display function in the user.php file of ECShop is controllable, leading to injection, and remote code execution can be achieved with injection. The attacker does not need to log in to the site, etc., and can directly write to the webshell remotely. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Upgrade to the newest version. |