High severityOSV Advisory· Published Apr 21, 2019· Updated Aug 4, 2024
CVE-2019-11401
CVE-2019-11401
Description
A issue was discovered in SiteServer CMS 6.9.0. It allows remote attackers to execute arbitrary code because an administrator can add the permitted file extension .aassp, which is converted to .asp because the "as" substring is deleted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SiteServer CMS 6.9.0 allows authenticated administrators to upload a .aassp file that gets converted to .asp, enabling remote code execution via a webshell.
CVE-2019-11401 is a file upload vulnerability in SiteServer CMS version 6.9.0. The root cause lies in the GetUploadFileName method in PathUtility.cs, which removes the substring "as" from uploaded filenames [1]. This filtering allows an administrator to bypass extension restrictions by uploading a file with the extension .aassp—after removing "as", the extension becomes .asp, a permissible executable extension [2].
An attacker must first authenticate as an administrator and add .aassp to the list of permitted file extensions. Then, they can upload a malicious .aassp file (e.g., a webshell) via the file upload functionality. The server processes the filename, strips "as", and saves the file as .asp [4]. No additional privileges are required beyond administrative access.
Successful exploitation allows remote attackers to execute arbitrary code on the server, effectively achieving a webshell. The attacker can then perform further malicious actions, such as data theft or lateral movement within the network [2].
The vulnerability was fixed in a subsequent commit that removed the flawed filtering logic [1]. Users should update to a patched version of SiteServer CMS. No public exploit code beyond the proof-of-concept in the issue tracker [4] has been reported, but the vulnerability is straightforward to exploit.
References
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
sscmsNuGet | < 6.12 | 6.12 |
Affected products
2- Range: siteserver-dev-v5.0.18, siteserver-dev-v5.0.22, siteserver-dev-v5.0.23, …
Patches
133 files changed · +212 −131
SiteServer.BackgroundPages/Cms/ModalUploadFile.cs+1 −1 modified@@ -66,7 +66,7 @@ public override void Submit_OnClick(object sender, EventArgs e) localDirectoryPath = PathUtility.MapPath(SiteInfo, _realtedPath); DirectoryUtils.CreateDirectoryIfNotExists(localDirectoryPath); } - var localFileName = PathUtility.GetUploadFileName(SiteInfo, filePath, TranslateUtils.ToBool(DdlIsFileUploadChangeFileName.SelectedValue)); + var localFileName = PathUtility.GetUploadFileName(filePath, TranslateUtils.ToBool(DdlIsFileUploadChangeFileName.SelectedValue)); var localFilePath = PathUtils.Combine(localDirectoryPath, localFileName);
SiteServer.BackgroundPages/Cms/ModalUploadImageSingle.cs+1 −0 modified@@ -74,6 +74,7 @@ public override void Submit_OnClick(object sender, EventArgs e) DirectoryUtils.CreateDirectoryIfNotExists(localDirectoryPath); } var localFileName = PathUtility.GetUploadFileName(SiteInfo, filePath); + var localFilePath = PathUtils.Combine(localDirectoryPath, localFileName); if (!PathUtility.IsImageExtenstionAllowed(SiteInfo, fileExtName))
SiteServer.BackgroundPages/Cms/PageContentAdd.cs+2 −1 modified@@ -91,7 +91,8 @@ public void Page_Load(object sender, EventArgs e) if (contentId > 0) { - contentInfo = ContentManager.GetContentInfo(SiteInfo, _channelInfo, contentId); + //contentInfo = ContentManager.GetContentInfo(SiteInfo, _channelInfo, contentId); + contentInfo = DataProvider.ContentDao.GetCacheContentInfo(_tableName, _channelInfo.Id, contentId); } var titleFormat = IsPostBack ? Request.Form[ContentAttribute.GetFormatStringAttributeName(ContentAttribute.Title)] : contentInfo?.GetString(ContentAttribute.GetFormatStringAttributeName(ContentAttribute.Title));
SiteServer.BackgroundPages/packages.config+1 −1 modified@@ -13,7 +13,7 @@ <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net452" /> <package id="Npgsql" version="4.0.7" targetFramework="net452" /> <package id="Oracle.ManagedDataAccess" version="18.6.0" targetFramework="net452" /> - <package id="SiteServer.Plugin" version="2.3.11" targetFramework="net452" /> + <package id="SiteServer.Plugin" version="2.3.13" targetFramework="net452" /> <package id="SqlKata" version="1.1.7" targetFramework="net452" /> <package id="System.Buffers" version="4.4.0" targetFramework="net452" /> <package id="System.Data.Common" version="4.3.0" targetFramework="net452" />
SiteServer.BackgroundPages/PageTest.cs+45 −45 modified@@ -20,51 +20,51 @@ public class PageTest : Page public void Page_Load(object sender, EventArgs e) { - var json = @"{ - ""columns"": [ - { - ""attributeName"": ""IsAbolition"", - ""dataType"": ""VarChar"", - ""dataLength"": 10, - ""isPrimaryKey"": false, - ""isIdentity"": false, - ""inputStyle"": { - ""inputType"": ""Radio"", - ""displayName"": ""是否废止"", - ""helpText"": null, - ""listItems"": [ - { - ""text"": ""是"", - ""value"": ""True"", - ""selected"": false - }, - { - ""text"": ""否"", - ""value"": ""False"", - ""selected"": true - } - ], - ""defaultValue"": null, - ""isRequired"": true, - ""validateType"": null, - ""minNum"": 0, - ""maxNum"": 0, - ""regExp"": null, - ""width"": null, - ""height"": null - } - } - ], - ""totalCount"": 796, - ""rowFiles"": [ - ""1.json"", - ""2.json"" - ] -}"; - - var tableInfo = TranslateUtils.JsonDeserialize<MyTableInfo>(json); - - LtlContent.Text = ""; +// var json = @"{ +// ""columns"": [ +// { +// ""attributeName"": ""IsAbolition"", +// ""dataType"": ""VarChar"", +// ""dataLength"": 10, +// ""isPrimaryKey"": false, +// ""isIdentity"": false, +// ""inputStyle"": { +// ""inputType"": ""Radio"", +// ""displayName"": ""是否废止"", +// ""helpText"": null, +// ""listItems"": [ +// { +// ""text"": ""是"", +// ""value"": ""True"", +// ""selected"": false +// }, +// { +// ""text"": ""否"", +// ""value"": ""False"", +// ""selected"": true +// } +// ], +// ""defaultValue"": null, +// ""isRequired"": true, +// ""validateType"": null, +// ""minNum"": 0, +// ""maxNum"": 0, +// ""regExp"": null, +// ""width"": null, +// ""height"": null +// } +// } +// ], +// ""totalCount"": 796, +// ""rowFiles"": [ +// ""1.json"", +// ""2.json"" +// ] +//}"; + + // var tableInfo = TranslateUtils.JsonDeserialize<MyTableInfo>(json); + + // LtlContent.Text = ""; } // MODEL Reference
SiteServer.BackgroundPages/Settings/PageAdminConfiguration.cs+12 −1 modified@@ -20,6 +20,9 @@ public class PageAdminConfiguration : BasePage public PlaceHolder PhLoginLockingHours; public TextBox TbLoginLockingHours; + public RadioButtonList RblIsEnforcePasswordChanges; + public PlaceHolder PhIsEnforcePasswordChanges; + public RadioButtonList RblIsViewContentOnlySelf; public void Page_Load(object sender, EventArgs e) @@ -34,7 +37,7 @@ public void Page_Load(object sender, EventArgs e) EUserPasswordRestrictionUtils.AddListItems(DdlLoginPasswordRestriction); ControlUtils.SelectSingleItemIgnoreCase(DdlLoginPasswordRestriction, ConfigManager.SystemConfigInfo.AdminPasswordRestriction); - EBooleanUtils.AddListItems(RblIsLoginFailToLock, "是", "否"); + EBooleanUtils.AddListItems(RblIsLoginFailToLock, "开启", "不开启"); ControlUtils.SelectSingleItemIgnoreCase(RblIsLoginFailToLock, ConfigManager.SystemConfigInfo.IsAdminLockLogin.ToString()); PhFailToLock.Visible = ConfigManager.SystemConfigInfo.IsAdminLockLogin; @@ -52,6 +55,9 @@ public void Page_Load(object sender, EventArgs e) TbLoginLockingHours.Text = ConfigManager.SystemConfigInfo.AdminLockLoginHours.ToString(); } + EBooleanUtils.AddListItems(RblIsEnforcePasswordChanges, "强制", "不强制"); + ControlUtils.SelectSingleItemIgnoreCase(RblIsEnforcePasswordChanges, ConfigManager.SystemConfigInfo.IsAdminEnforcePasswordChanges.ToString()); + EBooleanUtils.AddListItems(RblIsViewContentOnlySelf, "不可以", "可以"); ControlUtils.SelectSingleItemIgnoreCase(RblIsViewContentOnlySelf, ConfigManager.SystemConfigInfo.IsViewContentOnlySelf.ToString()); } @@ -61,6 +67,11 @@ public void RblIsLoginFailToLock_SelectedIndexChanged(object sender, EventArgs e PhFailToLock.Visible = TranslateUtils.ToBool(RblIsLoginFailToLock.SelectedValue); } + public void RblIsEnforcePasswordChanges_SelectedIndexChanged(object sender, EventArgs e) + { + PhIsEnforcePasswordChanges.Visible = TranslateUtils.ToBool(RblIsEnforcePasswordChanges.SelectedValue); + } + public void DdlLoginLockingType_SelectedIndexChanged(object sender, EventArgs e) { PhLoginLockingHours.Visible = !EUserLockTypeUtils.Equals(EUserLockType.Forever, DdlLoginLockingType.SelectedValue);
SiteServer.BackgroundPages/SiteServer.BackgroundPages.csproj+2 −2 modified@@ -64,8 +64,8 @@ <Reference Include="QueryBuilder, Version=1.1.7.0, Culture=neutral, processorArchitecture=MSIL"> <HintPath>..\packages\SqlKata.1.1.7\lib\net45\QueryBuilder.dll</HintPath> </Reference> - <Reference Include="SiteServer.Plugin, Version=2.3.11.0, Culture=neutral, processorArchitecture=MSIL"> - <HintPath>..\packages\SiteServer.Plugin.2.3.11\lib\net452\SiteServer.Plugin.dll</HintPath> + <Reference Include="SiteServer.Plugin, Version=2.3.13.0, Culture=neutral, processorArchitecture=MSIL"> + <HintPath>..\packages\SiteServer.Plugin.2.3.13\lib\net452\SiteServer.Plugin.dll</HintPath> </Reference> <Reference Include="System" /> <Reference Include="System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
SiteServer.Cli/packages.config+1 −1 modified@@ -16,7 +16,7 @@ <package id="Npgsql" version="4.0.7" targetFramework="net452" /> <package id="Oracle.ManagedDataAccess" version="18.6.0" targetFramework="net452" /> <package id="Quartz" version="3.0.6" targetFramework="net452" /> - <package id="SiteServer.Plugin" version="2.3.11" targetFramework="net452" /> + <package id="SiteServer.Plugin" version="2.3.13" targetFramework="net452" /> <package id="SqlKata" version="1.1.7" targetFramework="net452" /> <package id="System.Buffers" version="4.4.0" targetFramework="net452" /> <package id="System.Data.Common" version="4.3.0" targetFramework="net452" />
SiteServer.Cli/Program.cs+9 −2 modified@@ -99,7 +99,7 @@ private static void Main(string[] args) if (!Jobs.ContainsKey(CommandName)) { - RunHelpAsync(IsHelp, CommandName).GetAwaiter().GetResult(); + RunHelpAsync(IsHelp, CommandName, pluginJobs).GetAwaiter().GetResult(); } else if (!string.IsNullOrEmpty(Repeat)) { @@ -111,7 +111,7 @@ private static void Main(string[] args) } } - private static async Task RunHelpAsync(bool isHelp, string commandName) + private static async Task RunHelpAsync(bool isHelp, string commandName, Dictionary<string, Func<IJobContext, Task>> pluginJobs) { if (isHelp || string.IsNullOrEmpty(commandName)) { @@ -129,6 +129,13 @@ private static async Task RunHelpAsync(bool isHelp, string commandName) RestoreJob.PrintUsage(); UpdateJob.PrintUsage(); VersionJob.PrintUsage(); + + if (pluginJobs != null && pluginJobs.Count > 0) + { + Console.WriteLine($"插件命令: {TranslateUtils.ObjectCollectionToString(pluginJobs.Keys)}"); + Console.WriteLine(); + } + await CliUtils.PrintRowLine(); await CliUtils.PrintRow("https://www.siteserver.cn/docs/cli"); await CliUtils.PrintRowLine();
SiteServer.Cli/SiteServer.Cli.csproj+2 −2 modified@@ -81,8 +81,8 @@ <Reference Include="QueryBuilder, Version=1.1.7.0, Culture=neutral, processorArchitecture=MSIL"> <HintPath>..\packages\SqlKata.1.1.7\lib\net45\QueryBuilder.dll</HintPath> </Reference> - <Reference Include="SiteServer.Plugin, Version=2.3.11.0, Culture=neutral, processorArchitecture=MSIL"> - <HintPath>..\packages\SiteServer.Plugin.2.3.11\lib\net452\SiteServer.Plugin.dll</HintPath> + <Reference Include="SiteServer.Plugin, Version=2.3.13.0, Culture=neutral, processorArchitecture=MSIL"> + <HintPath>..\packages\SiteServer.Plugin.2.3.13\lib\net452\SiteServer.Plugin.dll</HintPath> </Reference> <Reference Include="System" /> <Reference Include="System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
SiteServer.CMS/Core/PathUtility.cs+3 −5 modified@@ -195,20 +195,18 @@ public static string GetUploadFileName(SiteInfo siteInfo, string filePath) isUploadChangeFileName = siteInfo.Additional.IsVideoUploadChangeFileName; } - return GetUploadFileName(siteInfo, filePath, isUploadChangeFileName); + return GetUploadFileName(filePath, isUploadChangeFileName); } - public static string GetUploadFileName(SiteInfo siteInfo, string filePath, bool isUploadChangeFileName) + public static string GetUploadFileName(string filePath, bool isUploadChangeFileName) { if (isUploadChangeFileName) { return $"{StringUtils.GetShortGuid(false)}{PathUtils.GetExtension(filePath)}"; } var fileName = PathUtils.GetFileNameWithoutExtension(filePath); - - fileName = StringUtils.ReplaceIgnoreCase(fileName, "as", string.Empty); - fileName = StringUtils.ReplaceIgnoreCase(fileName, ";", string.Empty); + fileName = PathUtils.GetSafeFilename(fileName); return $"{fileName}{PathUtils.GetExtension(filePath)}"; }
SiteServer.CMS/DataCache/ChannelManager.cs+19 −0 modified@@ -719,6 +719,25 @@ public static List<InputListItem> GetContentsColumns(SiteInfo siteInfo, ChannelI return items; } + public static List<InputStyle> GetInputStyles(SiteInfo siteInfo, ChannelInfo channelInfo) + { + var items = new List<InputStyle>(); + + var styleInfoList = ContentUtility.GetAllTableStyleInfoList(TableStyleManager.GetContentStyleInfoList(siteInfo, channelInfo)); + + foreach (var styleInfo in styleInfoList) + { + var listitem = new InputStyle + { + DisplayName = styleInfo.DisplayName, + AttributeName = styleInfo.AttributeName + }; + items.Add(listitem); + } + + return items; + } + public static bool IsAncestorOrSelf(int siteId, int parentId, int childId) { if (parentId == childId)
SiteServer.CMS/DataCache/Content/ContentManager.cs+8 −18 modified@@ -55,27 +55,17 @@ public static void InsertCache(SiteInfo siteInfo, ChannelInfo channelInfo, Conte StlContentCache.ClearCache(); } - public static void UpdateCache(SiteInfo siteInfo, ChannelInfo channelInfo, ContentInfo contentInfoToUpdate) + public static void UpdateCache(SiteInfo siteInfo, ChannelInfo channelInfo, ContentInfo contentInfo) { var dict = ContentCache.GetContentDict(channelInfo.Id); - var contentInfo = GetContentInfo(siteInfo, channelInfo, contentInfoToUpdate.Id); - if (contentInfo != null) - { - if (ListCache.IsChanged(channelInfo, contentInfo, contentInfoToUpdate)) - { - ListCache.Remove(channelInfo.Id); - } + ListCache.Remove(channelInfo.Id); - if (CountCache.IsChanged(contentInfo, contentInfoToUpdate)) - { - var tableName = ChannelManager.GetTableName(siteInfo, channelInfo); - CountCache.Remove(tableName, contentInfo); - CountCache.Add(tableName, contentInfoToUpdate); - } - } - - dict[contentInfoToUpdate.Id] = contentInfoToUpdate; + var tableName = ChannelManager.GetTableName(siteInfo, channelInfo); + CountCache.Remove(tableName, contentInfo); + CountCache.Add(tableName, contentInfo); + + dict[contentInfo.Id] = contentInfo; StlContentCache.ClearCache(); } @@ -98,7 +88,7 @@ public static List<ContentColumn> GetContentColumns(SiteInfo siteInfo, ChannelIn foreach (var styleInfo in styleInfoList) { - if (styleInfo.InputType == InputType.TextEditor) continue; + if (!includeAll && styleInfo.InputType == InputType.TextEditor) continue; var column = new ContentColumn {
SiteServer.CMS/ImportExport/ImportObject.cs+4 −1 modified@@ -424,7 +424,10 @@ public void ImportContentsByCsvFile(ChannelInfo channelInfo, string csvFilePath, { contentInfo.IsChecked = isChecked; contentInfo.CheckedLevel = checkedLevel; - contentInfo.AddDate = DateTime.Now; + if (!contentInfo.AddDate.HasValue) + { + contentInfo.AddDate = DateTime.Now; + } contentInfo.LastEditDate = DateTime.Now; contentInfo.AdminId = adminId; contentInfo.UserId = userId;
SiteServer.CMS/Model/Attributes/SystemConfigInfo.cs+6 −0 modified@@ -119,6 +119,12 @@ public int AdminLockLoginHours set => Set("AdminLockLoginHours", value); } + public bool IsAdminEnforcePasswordChanges + { + get => GetBool("IsAdminEnforcePasswordChanges"); + set => Set("IsAdminEnforcePasswordChanges", value); + } + /****************用户设置********************/ public bool IsUserRegistrationAllowed
SiteServer.CMS/packages.config+1 −1 modified@@ -21,7 +21,7 @@ <package id="NuGet.Packaging.Core" version="4.5.0" targetFramework="net461" /> <package id="NuGet.Versioning" version="4.5.0" targetFramework="net461" /> <package id="Oracle.ManagedDataAccess" version="18.6.0" targetFramework="net452" /> - <package id="SiteServer.Plugin" version="2.3.11" targetFramework="net452" /> + <package id="SiteServer.Plugin" version="2.3.13" targetFramework="net452" /> <package id="SqlKata" version="1.1.7" targetFramework="net452" /> <package id="System.Buffers" version="4.4.0" targetFramework="net452" /> <package id="System.Data.Common" version="4.3.0" targetFramework="net452" />
SiteServer.CMS/Plugin/Apis/ContentApi.cs+10 −2 modified@@ -3,7 +3,6 @@ using Datory; using SiteServer.CMS.Core; using SiteServer.CMS.DataCache; -using SiteServer.CMS.DataCache.Content; using SiteServer.CMS.Model; using SiteServer.CMS.Model.Attributes; using SiteServer.Plugin; @@ -24,7 +23,8 @@ public IContentInfo GetContentInfo(int siteId, int channelId, int contentId) var siteInfo = SiteManager.GetSiteInfo(siteId); var channelInfo = ChannelManager.GetChannelInfo(siteId, channelId); - return ContentManager.GetContentInfo(siteInfo, channelInfo, contentId); + //return ContentManager.GetContentInfo(siteInfo, channelInfo, contentId); + return DataProvider.ContentDao.GetCacheContentInfo(ChannelManager.GetTableName(siteInfo, channelInfo), channelInfo.Id, contentId); } public List<IContentInfo> GetContentInfoList(int siteId, int channelId, string whereString, string orderString, int limit, int offset) @@ -122,6 +122,14 @@ public List<TableColumn> GetTableColumns(int siteId, int channelId) return tableColumnList; } + public List<InputStyle> GetInputStyles(int siteId, int channelId) + { + var siteInfo = SiteManager.GetSiteInfo(siteId); + var channelInfo = ChannelManager.GetChannelInfo(siteId, channelId); + + return ChannelManager.GetInputStyles(siteInfo, channelInfo); + } + public string GetContentValue(int siteId, int channelId, int contentId, string attributeName) { if (siteId <= 0 || channelId <= 0 || contentId <= 0) return null;
SiteServer.CMS/Plugin/Impl/AttributesImpl.cs+8 −2 modified@@ -154,7 +154,10 @@ public void Load(string json) var dict = TranslateUtils.JsonDeserialize<Dictionary<string, object>>(json); foreach (var key in dict.Keys) { - _dataDict[key] = dict[key]; + if (!_dataDict.ContainsKey(key)) + { + _dataDict[key] = dict[key]; + } } } else @@ -186,7 +189,10 @@ public void Load(string json) foreach (string key in attributes.Keys) { - Set(key, attributes[key]); + if (!_dataDict.ContainsKey(key)) + { + Set(key, attributes[key]); + } } } }
SiteServer.CMS/Plugin/PluginManager.cs+10 −1 modified@@ -94,7 +94,16 @@ private static PluginInstance ActivePlugin(string directoryName) CopyDllsToBin(metadata.Id, dllDirectoryPath); //var assembly = Assembly.Load(File.ReadAllBytes(PathUtils.Combine(WebConfigUtils.PhysicalApplicationPath, "Bin", PathUtils.GetFileName(metadata.ExecuteFilePath)))); - var assembly = Assembly.Load(metadata.Id); // load the dll from bin directory + + Assembly assembly; + try + { + assembly = Assembly.Load(metadata.Id); // load the dll from bin directory + } + catch + { + assembly = Assembly.Load(File.ReadAllBytes(PathUtils.Combine(dllDirectoryPath, $"{metadata.Id}.dll"))); + } var type = assembly.GetExportedTypes().FirstOrDefault(exportedType => typeof(PluginBase).IsAssignableFrom(exportedType));
SiteServer.CMS/Provider/ContentDao.cs+3 −0 modified@@ -1288,6 +1288,9 @@ public void Update(SiteInfo siteInfo, ChannelInfo channelInfo, ContentInfo conte ContentManager.UpdateCache(siteInfo, channelInfo, contentInfo); ContentManager.RemoveCountCache(tableName); + + //TODO: must delete + //LogUtils.AddSiteLog(contentInfo.SiteId, contentInfo.ChannelId, contentInfo.Id, contentInfo.LastEditUserName, "更新内容", contentInfo.Content); } public int GetCountOfContentAdd(string tableName, int siteId, int channelId, EScopeType scope, DateTime begin, DateTime end, string userName, ETriState checkedState)
SiteServer.CMS/Provider/DatabaseDao.cs+12 −15 modified@@ -2023,28 +2023,25 @@ public string GetPageSqlString(string tableName, string columnNames, string wher } else if (WebConfigUtils.DatabaseType == DatabaseType.SqlServer && IsSqlServer2012) { - if (IsSqlServer2012) + retval = limit == 0 + ? $"SELECT {columnNames} FROM {tableName} {whereSqlString} {orderSqlString} OFFSET {offset} ROWS" + : $"SELECT {columnNames} FROM {tableName} {whereSqlString} {orderSqlString} OFFSET {offset} ROWS FETCH NEXT {limit} ROWS ONLY"; + } + else if (WebConfigUtils.DatabaseType == DatabaseType.SqlServer && !IsSqlServer2012) + { + if (offset == 0) { - retval = limit == 0 - ? $"SELECT {columnNames} FROM {tableName} {whereSqlString} {orderSqlString} OFFSET {offset} ROWS" - : $"SELECT {columnNames} FROM {tableName} {whereSqlString} {orderSqlString} OFFSET {offset} ROWS FETCH NEXT {limit} ROWS ONLY"; + retval = $"SELECT TOP {limit} {columnNames} FROM {tableName} {whereSqlString} {orderSqlString}"; } else { - if (offset == 0) - { - retval = $"SELECT TOP {limit} {columnNames} FROM {tableName} {whereSqlString} {orderSqlString}"; - } - else - { - var rowWhere = limit == 0 - ? $@"WHERE [row_num] > {offset}" - : $@"WHERE [row_num] BETWEEN {offset + 1} AND {offset + limit}"; + var rowWhere = limit == 0 + ? $@"WHERE [row_num] > {offset}" + : $@"WHERE [row_num] BETWEEN {offset + 1} AND {offset + limit}"; - retval = $@"SELECT * FROM ( + retval = $@"SELECT * FROM ( SELECT {columnNames}, ROW_NUMBER() OVER ({orderSqlString}) AS [row_num] FROM [{tableName}] {whereSqlString} ) as T {rowWhere}"; - } } } else if (WebConfigUtils.DatabaseType == DatabaseType.PostgreSql)
SiteServer.CMS/SiteServer.CMS.csproj+2 −2 modified@@ -88,8 +88,8 @@ <Reference Include="QueryBuilder, Version=1.1.7.0, Culture=neutral, processorArchitecture=MSIL"> <HintPath>..\packages\SqlKata.1.1.7\lib\net45\QueryBuilder.dll</HintPath> </Reference> - <Reference Include="SiteServer.Plugin, Version=2.3.11.0, Culture=neutral, processorArchitecture=MSIL"> - <HintPath>..\packages\SiteServer.Plugin.2.3.11\lib\net452\SiteServer.Plugin.dll</HintPath> + <Reference Include="SiteServer.Plugin, Version=2.3.13.0, Culture=neutral, processorArchitecture=MSIL"> + <HintPath>..\packages\SiteServer.Plugin.2.3.13\lib\net452\SiteServer.Plugin.dll</HintPath> </Reference> <Reference Include="System" /> <Reference Include="System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
SiteServer.CMS/StlParser/StlElement/StlPageItems.cs+10 −0 modified@@ -1,4 +1,5 @@ using System; +using System.Text; using SiteServer.CMS.Core; using SiteServer.CMS.StlParser.Model; using SiteServer.CMS.StlParser.Parsers; @@ -48,6 +49,15 @@ public static string Parse(string stlElement, PageInfo pageInfo, int channelId, } parsedContent = StlPageElementParser.ParseStlPageItems(stlElement, pageInfo, channelId, contentId, currentPageIndex, pageCount, totalNum, isXmlContent, contextType); + + ContextInfo contextInfo = new ContextInfo(pageInfo) + { + ContextType = contextType + }; + var innerBuilder = new StringBuilder(parsedContent); + StlParserManager.ParseInnerContent(innerBuilder, pageInfo, contextInfo); + parsedContent = innerBuilder.ToString(); + } catch (Exception ex) {
SiteServer.CMS/StlParser/StlElement/StlSearch.cs+3 −1 modified@@ -194,7 +194,9 @@ public static string Parse(PageInfo pageInfo, ContextInfo contextInfo) if (arr2 && arr2.length == 2) {{ var key = (arr2[0] || '').toLowerCase(); if (key) {{ - parameters[key] = decodeURIComponent(arr2[1]); + var value = decodeURIComponent(arr2[1]) || ''; + value = value.replace(/\+/g, ' '); + parameters[key] = value; }} }} }}
SiteServer.Utils/packages.config+1 −1 modified@@ -15,7 +15,7 @@ <package id="Newtonsoft.Json" version="12.0.2" targetFramework="net452" /> <package id="Npgsql" version="4.0.7" targetFramework="net452" /> <package id="Oracle.ManagedDataAccess" version="18.6.0" targetFramework="net452" /> - <package id="SiteServer.Plugin" version="2.3.11" targetFramework="net452" /> + <package id="SiteServer.Plugin" version="2.3.13" targetFramework="net452" /> <package id="SqlKata" version="1.1.7" targetFramework="net452" /> <package id="System.Buffers" version="4.4.0" targetFramework="net452" /> <package id="System.Data.Common" version="4.3.0" targetFramework="net452" />
SiteServer.Utils/PathUtils.cs+12 −0 modified@@ -104,6 +104,18 @@ public static string GetFileName(string filePath) return Path.GetFileName(filePath); } + private static char[] GetInvalidChars() + { + return Path.GetInvalidFileNameChars().Concat(Path.GetInvalidPathChars()).Concat(new[] {' ', ';'}).ToArray(); + } + + public static string GetSafeFilename(string filename) + { + if (string.IsNullOrEmpty(filename)) return StringUtils.GetShortGuid().ToLower(); + + return string.Join("_", filename.Split(GetInvalidChars())); + } + public static string GetFileNameWithoutExtension(string filePath) { return Path.GetFileNameWithoutExtension(filePath);
SiteServer.Utils/SiteServer.Utils.csproj+2 −2 modified@@ -70,8 +70,8 @@ <Reference Include="QueryBuilder, Version=1.1.7.0, Culture=neutral, processorArchitecture=MSIL"> <HintPath>..\packages\SqlKata.1.1.7\lib\net45\QueryBuilder.dll</HintPath> </Reference> - <Reference Include="SiteServer.Plugin, Version=2.3.11.0, Culture=neutral, processorArchitecture=MSIL"> - <HintPath>..\packages\SiteServer.Plugin.2.3.11\lib\net452\SiteServer.Plugin.dll</HintPath> + <Reference Include="SiteServer.Plugin, Version=2.3.13.0, Culture=neutral, processorArchitecture=MSIL"> + <HintPath>..\packages\SiteServer.Plugin.2.3.13\lib\net452\SiteServer.Plugin.dll</HintPath> </Reference> <Reference Include="System" /> <Reference Include="System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL">
SiteServer.Utils/StringUtils.cs+5 −0 modified@@ -484,6 +484,11 @@ private static bool IsTwoBytesChar(char chr) return Gb2312.GetByteCount(new[] { chr }) == 2; } + public static bool IsChinese(char c) + { + return 0x4e00 <= c && c <= 0x9fbb; + } + /// <summary> /// 得到innerText在content中的数目 /// </summary>
SiteServer.Web/packages.config+1 −1 modified@@ -25,7 +25,7 @@ <package id="Npgsql" version="4.0.7" targetFramework="net452" /> <package id="Oracle.ManagedDataAccess" version="18.6.0" targetFramework="net452" /> <package id="Owin" version="1.0" targetFramework="net461" /> - <package id="SiteServer.Plugin" version="2.3.11" targetFramework="net452" /> + <package id="SiteServer.Plugin" version="2.3.13" targetFramework="net452" /> <package id="SqlKata" version="1.1.7" targetFramework="net452" /> <package id="System.Buffers" version="4.4.0" targetFramework="net452" /> <package id="System.Data.Common" version="4.3.0" targetFramework="net452" />
SiteServer.Web/SiteServer.API.csproj+2 −2 modified@@ -93,8 +93,8 @@ <Reference Include="QueryBuilder, Version=1.1.7.0, Culture=neutral, processorArchitecture=MSIL"> <HintPath>..\packages\SqlKata.1.1.7\lib\net45\QueryBuilder.dll</HintPath> </Reference> - <Reference Include="SiteServer.Plugin, Version=2.3.11.0, Culture=neutral, processorArchitecture=MSIL"> - <HintPath>..\packages\SiteServer.Plugin.2.3.11\lib\net452\SiteServer.Plugin.dll</HintPath> + <Reference Include="SiteServer.Plugin, Version=2.3.13.0, Culture=neutral, processorArchitecture=MSIL"> + <HintPath>..\packages\SiteServer.Plugin.2.3.13\lib\net452\SiteServer.Plugin.dll</HintPath> </Reference> <Reference Include="System.Buffers, Version=4.0.2.0, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51, processorArchitecture=MSIL"> <HintPath>..\packages\System.Buffers.4.4.0\lib\netstandard1.1\System.Buffers.dll</HintPath>
SiteServer.Web/SiteServer/Settings/adminProfile.cshtml+2 −3 modified@@ -44,9 +44,8 @@ 账号 <small v-show="errors.has('userName')" class="text-danger">{{ errors.first('userName') }}</small> </label> - <input v-model="adminInfo.userName" :disabled="adminInfo.id > 0" name="userName" data-vv-as="账号" v-validate="'required|alpha_dash'" - :class="{'is-invalid': errors.has('userName') }" type="text" class="form-control" /> - <small class="form-text text-muted">帐号用于登录系统,由字母、数字组成</small> + <input v-model="adminInfo.userName" :disabled="adminInfo.id > 0" name="userName" data-vv-as="账号" v-validate="'required'" :class="{'is-invalid': errors.has('userName') }" type="text" class="form-control" /> + <small class="form-text text-muted">帐号用于登录系统</small> </div> <div class="form-group">
SiteServer.Web/SiteServer/Settings/pageAdminConfiguration.aspx+11 −0 modified@@ -89,6 +89,17 @@ </asp:PlaceHolder> </asp:PlaceHolder> + <div class="form-group"> + <label class="col-form-label">是否强制定期更改密码</label> + <asp:RadioButtonList ID="RblIsEnforcePasswordChanges" OnSelectedIndexChanged="RblIsEnforcePasswordChanges_SelectedIndexChanged" + class="radio radio-primary" runat="server" RepeatDirection="Horizontal" AutoPostBack="true"> + </asp:RadioButtonList> + </div> + + <asp:PlaceHolder id="PhIsEnforcePasswordChanges" runat="server"> + + </asp:PlaceHolder> + <div class="form-group"> <label class="col-form-label">管理员是否可以查看其他人添加的内容</label> <asp:RadioButtonList ID="RblIsViewContentOnlySelf" runat="server" class="radio radio-primary" RepeatDirection="Horizontal"></asp:RadioButtonList>
SiteServer.Web/Web.config+1 −18 modified@@ -1,8 +1,5 @@ <?xml version="1.0" encoding="utf-8"?> <configuration> - <configSections> - <section name="oracle.manageddataaccess.client" type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.122.18.3, Culture=neutral, PublicKeyToken=89b483f429c47342" /> - </configSections> <appSettings> <add key="PageInspector:ServerCodeMappingSupport" value="Disabled" /> <add key="ValidationSettings:UnobtrusiveValidationMode" value="None" /> @@ -13,8 +10,7 @@ <add key="HomeDirectory" value="Home" /> <add key="SecretKey" value="54bb60d15c65c345" /> <add key="DatabaseType" value="SqlServer" /> - <add key="ConnectionString" value="server=47.94.40.51;uid=sa;pwd=Capa20176630;database=mrxh_backup" /> - <!-- <add key="ConnectionString" value="" /> --> + <add key="ConnectionString" value="" /> </appSettings> <!-- 有关 web.config 更改的说明,请参见 http://go.microsoft.com/fwlink/?LinkId=235367。 @@ -117,17 +113,4 @@ </dependentAssembly> </assemblyBinding> </runtime> - <system.data> - <DbProviderFactories> - <remove invariant="Oracle.ManagedDataAccess.Client" /> - <add name="ODP.NET, Managed Driver" invariant="Oracle.ManagedDataAccess.Client" description="Oracle Data Provider for .NET, Managed Driver" type="Oracle.ManagedDataAccess.Client.OracleClientFactory, Oracle.ManagedDataAccess, Version=4.122.18.3, Culture=neutral, PublicKeyToken=89b483f429c47342" /> - </DbProviderFactories> - </system.data> - <oracle.manageddataaccess.client> - <version number="*"> - <dataSources> - <dataSource alias="SampleDataSource" descriptor="(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ORCL))) " /> - </dataSources> - </version> - </oracle.manageddataaccess.client> </configuration> \ No newline at end of file
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-ff4w-8chr-w2x9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-11401ghsaADVISORY
- github.com/siteserver/cms/commit/a7edb9ce3f9b52be3d18fa8a0e44931264e22436ghsaWEB
- github.com/siteserver/cms/issues/1858ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.