Basic Information
Project name: ImpressCMS/impresscms
Repository address: https://github.com/pterodactyl/panel
Scan report address: https://www.murphysec.com/console/report/1718802315116937216/1718802315439898624
This report is provided by Murphysec
Vulnerability List
| Vulnerability name | Vulnerability type | MPS ID | CVE ID | Severity |
|---|---|---|---|---|
| dompdf/dompdf has a code injection vulnerability | Code injection | MPS-2022-14193 | | High |
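Defective Components
| Component name | Version | Minimum fixed version | Dependency relationship | Remediation advice |
|---|---|---|---|---|
| dompdf/dompdf | v2.0.3 | | Indirect dependency | Fix recommended |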
License Risk
| License type | Related components | License risk |
|---|---|---|
| Apache-2.0 | 1 | Low |
| BSD-3-Clause | 9 | Low |
| MIT | 82 | Low |
| LGPL-2.1 | 4 | Medium |
| LGPL-2.0 | 4 | Medium |
| CC0-1.0 | 1 | Low |
| PDDL-1.0 | 1 | Low |
| LGPL-3.0 | 4 | Medium |
| BSD-4-Clause | 1 | Low |
| GPL-2.0 | 1 | Medium |
SBOM List
| Component name | Component version | Direct dependency? | Repository |
|---|---|---|---|
| phpoption/phpoption | 1.9.0 | Indirect dependency | composer |
| imponeer/editor-contracts | v1.0.8 | Indirect dependency | composer |
| apix/simple-cache | 1.0.0 | Indirect dependency | composer |
| seld/jsonlint | 1.10.0 | Indirect dependency | composer |
| doctrine/lexer | 2.1.0 | Indirect dependency | composer |
| phpmailer/phpmailer | v6.8.1 | Indirect dependency | composer |
| symfony/polyfill-php80 | v1.28.0 | Indirect dependency | composer |
| ircmaxell/random-lib | v1.2.0 | Indirect dependency | composer |
| psr/http-message | 1.1 | Indirect dependency | composer |
| symfony/service-contracts | v2.5.2 | Indirect dependency | composer |
| impresscms/system-module | dev-main | Indirect dependency | composer |
| psr/http-server-handler | 1.0.1 | Indirect dependency | composer |
| mlocati/ip-lib | 1.18.0 | Indirect dependency | composer |
| imponeer/smarty-db-resource | v2.1.5 | Indirect dependency | composer |
| composer/ca-bundle | 1.3.7 | Indirect dependency | composer |
| old-xoops-libraries/php-downloader | v1.0.9 | Indirect dependency | composer |
| symfony/polyfill-ctype | v1.28.0 | Indirect dependency | composer |
| defuse/php-encryption | v2.4.0 | Indirect dependency | composer |
| fig/http-message-util | 1.1.5 | Indirect dependency | composer |
| silinternational/php-env | 2.1.1 | Indirect dependency | composer |
| impresscms/composer-addon-installer-plugin | v1.0.6 | Indirect dependency | composer |
| symfony/string | v5.4.26 | Indirect dependency | composer |
| symfony/polyfill-php73 | v1.28.0 | Indirect dependency | composer |
| justinrainbow/json-schema | v5.2.13 | Indirect dependency | composer |
| psr/http-factory | 1.0.2 | Indirect dependency | composer |
| paragonie/constant_time_encoding | v2.6.3 | Indirect dependency | composer |
| sunrise/http-router | v2.16.2 | Indirect dependency | composer |
| symfony/finder | v5.4.27 | Indirect dependency | composer |
| symfony/polyfill-php81 | v1.28.0 | Indirect dependency | composer |
| aura/sqlschema | 2.0.3 | Indirect dependency | composer |
| phpseclib/phpseclib | 3.0.19 | Indirect dependency | composer |
| typo3/class-alias-loader | v1.1.4 | Indirect dependency | composer |
| symfony/polyfill-intl-idn | v1.26.0 | Indirect dependency | composer |
| dflydev/fig-cookies | v3.0.0 | Indirect dependency | composer |
| narrowspark/http-emitter | 1.0.0 | Indirect dependency | composer |
| erusev/parsedown | 1.7.4 | Indirect dependency | composer |
| tuupola/callable-handler | 1.1.0 | Indirect dependency | composer |
| symfony/filesystem | v5.4.25 | Indirect dependency | composer |
| masterminds/html5 | 2.7.6 | Indirect dependency | composer |
| composer/composer | 2.6.4 | Indirect dependency | composer |
| sabberworm/php-css-parser | 8.4.0 | Indirect dependency | composer |
| imponeer/smarty-includeq | v1.1.7 | Indirect dependency | composer |
| matomo/referrer-spam-blacklist | 4.0.0 | Indirect dependency | composer |
| symfony/deprecation-contracts | v2.5.2 | Indirect dependency | composer |
| phenx/php-font-lib | 0.5.4 | Indirect dependency | composer |
| imponeer/smarty-xo | v1.1.8 | Indirect dependency | composer |
| imponeer/smarty-image | v1.1.5 | Indirect dependency | composer |
| middlewares/firewall | v2.0.3 | Indirect dependency | composer |
| tuupola/server-timing-middleware | 0.10.0 | Indirect dependency | composer |
| http-interop/http-factory-guzzle | 1.2.0 | Indirect dependency | composer |
| geshi/geshi | v1.0.9.1 | Indirect dependency | composer |
| react/promise | v3.0.0 | Indirect dependency | composer |
| symfony/polyfill-mbstring | v1.28.0 | Indirect dependency | composer |
| imponeer/criteria | v1.0.8 | Indirect dependency | composer |
| psr/cache | 1.0.1 | Indirect dependency | composer |
| keo/iso-639 | v1.0.0 | Indirect dependency | composer |
| impresscms/itheme-theme | dev-main | Indirect dependency | composer |
| imponeer/smarty-sunrise-http-router | v1.1.5 | Indirect dependency | composer |
| psr/http-server-middleware | 1.0.1 | Indirect dependency | composer |
| simplepie/simplepie | 1.8.0 | Indirect dependency | composer |
| graham-campbell/result-type | v1.1.0 | Indirect dependency | composer |
| vlucas/phpdotenv | v5.5.0 | Indirect dependency | composer |
| composer/class-map-generator | 1.1.0 | Indirect dependency | composer |
| symfony/process | v5.4.28 | Indirect dependency | composer |
| middlewares/utils | v3.3.0 | Indirect dependency | composer |
| seld/phar-utils | 1.2.1 | Indirect dependency | composer |
| ellipse/cookie-encryption | 1.1.0 | Indirect dependency | composer |
| middlewares/client-ip | v2.0.1 | Indirect dependency | composer |
| smarty/smarty | v4.3.4 | Indirect dependency | composer |
| symfony/polyfill-php72 | v1.26.0 | Indirect dependency | composer |
| composer/spdx-licenses | 1.5.7 | Indirect dependency | composer |
| symfony/polyfill-iconv | v1.28.0 | Indirect dependency | composer |
| doctrine/deprecations | v1.0.0 | Indirect dependency | composer |
| guzzlehttp/psr7 | 2.5.0 | Indirect dependency | composer |
| lulco/phoenix | 1.12.0 | Indirect dependency | composer |
| league/container | 3.4.1 | Indirect dependency | composer |
| composer/metadata-minifier | 1.0.0 | Indirect dependency | composer |
| symfony/translation-contracts | v2.5.2 | Indirect dependency | composer |
| imponeer/symfony-translations-constants-loader | v1.0.7 | Indirect dependency | composer |
| psr/container | 1.1.1 | Indirect dependency | composer |
| dompdf/dompdf | v2.0.3 | Indirect dependency | composer |
| imponeer/env | v1.0.8 | Indirect dependency | composer |
| seld/signal-handler | 2.0.2 | Indirect dependency | composer |
| impresscms/codemirror-integration | v0.2.7 | Indirect dependency | composer |
| aura/session | 2.1.0 | Indirect dependency | composer |
| cerdic/css-tidy | v2.1.0 | Indirect dependency | composer |
| symfony/stopwatch | v5.4.13 | Indirect dependency | composer |
| npm-asset/codemirror | 6.65.7 | Indirect dependency | composer |
| middlewares/referrer-spam | v2.0.3 | Indirect dependency | composer |
| league/flysystem | 2.5.0 | Indirect dependency | composer |
| phpseclib/bcmath_compat | 2.0.1 | Indirect dependency | composer |
| middlewares/base-path | v2.1.0 | Indirect dependency | composer |
| psr/simple-cache | 1.0.1 | Indirect dependency | composer |
| middlewares/encoder | v2.1.1 | Indirect dependency | composer |
| composer/semver | 3.4.0 | Indirect dependency | composer |
| ezyang/htmlpurifier | v4.16.0 | Indirect dependency | composer |
| php-console/php-console | 3.1.8 | Indirect dependency | composer |
| apix/cache | 1.3.5 | Indirect dependency | composer |
| symfony/translation | v5.4.24 | Indirect dependency | composer |
| impresscms/core-theme | dev-main | Indirect dependency | composer |
| doctrine/annotations | 1.14.3 | Indirect dependency | composer |
| composer-plugin-api | | Indirect dependency | composer |
| symfony/polyfill-intl-normalizer | v1.28.0 | Indirect dependency | composer |
| symfony/polyfill-intl-grapheme | v1.28.0 | Indirect dependency | composer |
| imponeer/smarty-foreachq | v1.1.7 | Indirect dependency | composer |
| phenx/php-svg-lib | 0.5.0 | Indirect dependency | composer |
| composer/pcre | 2.1.0 | Indirect dependency | composer |
| ircmaxell/security-lib | v1.1.0 | Indirect dependency | composer |
| paragonie/random_compat | v9.99.100 | Indirect dependency | composer |
| symfony/console | v5.4.28 | Indirect dependency | composer |
| myclabs/php-enum | 1.8.4 | Indirect dependency | composer |
| composer/xdebug-handler | 3.0.3 | Indirect dependency | composer |
| aura/sql | 4.0.0 | Indirect dependency | composer |
| imponeer/smarty-translate | v1.1.6 | Indirect dependency | composer |
| ralouphie/getallheaders | 3.0.3 | Indirect dependency | composer |
| suin/php-rss-writer | 1.6.0 | Indirect dependency | composer |
| monolog/monolog | 2.9.1 | Indirect dependency | composer |
| league/mime-type-detection | 1.12.0 | Indirect dependency | composer |
| smottt/wideimage | 1.1.4 | Indirect dependency | composer |
| imponeer/smarty-extensions-contracts | v2.0.5 | Indirect dependency | composer |
| middlewares/aura-session | v2.0.0 | Indirect dependency | composer |
| intervention/image | 2.7.2 | Indirect dependency | composer |
| psr/log | 1.1.4 | Indirect dependency | composer |