Unrated severityNVD Advisory· Published Apr 20, 2021· Updated Aug 4, 2024
CVE-2020-35314
CVE-2020-35314
Description
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WonderCMS/WonderCMSdescription
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/160311/WonderCMS-3.1.3-Remote-Code-Execution.htmlmitrex_refsource_MISC
- zetc0de.github.io/post/authenticated-rce-ssrf-wondercms/mitrex_refsource_MISC
- zetc0de.github.io/post/authenticated-rce-ssrf-wondercms/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.