Baicloud CMS is a lightweight content management system (CMS) based on PHP and MySQL and running on Linux, windows and other platforms

Related tags

CMS BaiCloud
Overview

BaiCloud-cms

About

BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the project website for more information.
BaiCloud-cms是一款功能强大的开源cms,允许您创建专业网站和可扩展的web应用程序。有关更多信息,请访问项目网站

Installation steps

Step 1: upload the program to the root directory of the server website
Step 2: run the install directory to install (enter http: / / your domain name / install in the address bar)
Step 3: delete the install directory and its files after installation
安装步骤
第一步:上传程序到服务器网站根目录
第二步:运行install目录进行安装(在地址栏输入http://你的域名/install)
第三步:安装完后删除install目录及里面的文件

Installation platform requirements

Windows 平台——IIS/Apache/Nginx + PHP4/PHP5.2/PHP5.3/PHP7 + MySQL4/5
Linux/Unix 平台——Apache + PHP4/PHP5/PHP7 + MySQL4/5 (PHP必须在非安全模式下运行)

PHP must be an environment or enabled system function

allow_url_fopen
GD extension library
MySQL extension library
Mysqli extension librar

function

User hierarchical management function (user group)
用户分级管理功能(用户组)
By setting up user groups and assigning different permissions to each user group, the hierarchical management of registered members is realized.
通过设制用户组,分配给每个用户组不同的权限,来实现注册会员的分级管理。
Function of seizing advertising position on the home page
抢占首页广告位置功能
After the registered user logs in to the user center, he can use this function to seize the advertisements at the designated position on the home page of the website( This function is originally created by this program)
注册用户登陆用户中心后,可利用此功能抢占网站首页指定位置的广告。(此功能为本程序独创)
Custom template, custom label, custom directory name function
自定义模板,自定义标签,自定义目录名功能
Make the website flexible and easy to control. Front page layout, style, text, links, directory names and other elements can be changed in the background through website management.
使网站灵活,易控。前台页布局,风格,文字,链接,目录名等所有元素都可通过网站管理后台更改。
Custom product attribute parameter function
自定义产品属性参数功能
Product attribute parameters can be customized. You can also customize the single choice attributes of products to meet the accurate description and release of products in various industries
可自定义产品属性参数。也可自定义产品的单选属性,可满足各行业产品的精确描述与发布

License

BaiCloud-cms is licensed under the terms of the LGPLv3.

Development Team

BaiCloud-cms was created by 北京互与 They will continue to follow up
BaiCloud-cms由北京互与创建,他们都在继续开发该平台。

You might also like...
Charcoal Content Management System (CMS) Module

Charcoal CMS The CMS Charcoal Module (Content Management System). Provides basic objects to build a website. Notably, Section (or page), News, Event a

An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles
An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles

An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles. It provides a full featured, multi-language CMS system with an innovative page and form assembling process, versioning, workflow, translation and media managers and much more.

A Concrete CMS package to add interfaces to translate multilingual content. You can translate content manually, or use cloud API.

Concrete CMS add-on: Macareux Content Translator Concrete CMS has powerful features to manage multilingual content by its default. You can add languag

Question2Answer is a free and open source platform for Q&A sites, running on PHP/MySQL.
Question2Answer is a free and open source platform for Q&A sites, running on PHP/MySQL.

Question2Answer (Q2A) is a popular free open source Q&A platform for PHP/MySQL, used by over 22,000 sites in 40 languages.

Simple, modular content management system adapted for launch pages and one-page websites

Segmint Segmint is an easy-to-use flat-file landing page framework, allowing quick and efficient prototyping and deployment - perfect for freelancers

Core framework that implements the functionality of the Sulu content management system
Core framework that implements the functionality of the Sulu content management system

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. Sulu is developed to deliver robust multi-lingua

ExpressionEngine is a mature, flexible, secure, free open-source content management system.

ExpressionEngine is a flexible, feature-rich, free open-source content management platform that empowers hundreds of thousands of individuals and organizations around the world to easily manage their web site.

Mecha is a flat-file content management system for minimalists.
Mecha is a flat-file content management system for minimalists.

Mecha CMS Mecha is a flat-file content management system for minimalists. Front-End The default layout uses only Serif and Mono fonts. Different opera

Feindura - Flat File Content Management System

feindura - Flat File Content Management System Copyright (C) Fabian Vogelsteller [frozeman.de] published under the GNU General Public License version

Comments
  • Some Arbitrary File Deletion vulnerabilities Bugs

    Some Arbitrary File Deletion vulnerabilities Bugs

    Vulnerability Name: Multiple Arbitrary File Deletion

    Product version: 2.5.7 Download link

    file location:/user/licence_save.php,/user/ztconfig.php,/user/zssave.php Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

    Proof of Concept 1

    Vulnerable URL:/user/licence_save.php Vulnerable Code: line 22 image we just need post id as param and then use unlink to delete the file as long as the file exists(the base dir is ../),for example,we can delete install.lock image

    Proof of Concept 2

    Vulnerable URL:/user/ztconfig.php Vulnerable Code: line 68 image

    exp

    POST /user/ztconfig.php?action=modify 
    oldimg=install/install.lock
    
    

    Proof of Concept 3

    Vulnerable URL:/user/zssave.php Vulnerable Code: line 114 this base dir is ./ so exp

    POST /user/zssave.php
    action=modify&oldimg=../install/install.lock
    

    image

    opened by bkfish 0
  • Bug Report: Multiple Arbitrary File Deletion vulnerabilities

    Bug Report: Multiple Arbitrary File Deletion vulnerabilities

    Vulnerability Name: Multiple Arbitrary File Deletion

    Date of Discovery: 30 August 2021

    Product version: 2.5.7 Download link

    Author: hibiki-sama

    Vulnerability Description: When unsanitized user input is supplied to a file deletion function, an arbitrary file deletion vulnerability arises. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization. Exploiting the vulnerability allows an attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker can leverage the capability of arbitrary file deletion to circumvent certain webserver security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

    Proof of Concept 1

    Vulnerable URL: /user/ppsave.php Vulnerable Code: line 68 - kanacms\user

    11

    It can be found that there is no verification, just judge whether it is the same as the previous or default, and then use unlink to delete the file as long as the file exists

    Therefore, the vulnerability analysis and utilization are very simple

    22

    We deleted the installed lock file / install / install.lock 33

    Proof of Concept 2

    Vulnerable URL: /user/adv.php Vulnerable Code: line 77 - kanacms\user/adv.php

    There is an arbitrary file deletion vulnerability. I have to say that the system is really problematic in judging this

    The file causing the problem is in / user / adv.php

    It is also a problem caused by the comparison between oldimg and img

    44

    Similar to the above analysis, it only judges whether it is the same as the original, and then splices.. / and directly calls unlink, so the use is also very simple

    Just delete the hidden of the form attribute in HTML, and then directly enter the file name you want to delete

    opened by h1b1ki 1
  •  Bug fix

    Bug fix

    Our staff noticed that SQL injection was generated in / company / search.php due to controllable function name. Now we are trying our best to repair it

    opened by meiko-S 0
Releases(BaiCloud-cms)
Owner
null
BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the project website for more information.

BaiCloud-cms About BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the

null 5 Aug 15, 2022
e107 Bootstrap CMS (Content Management System) v2 with PHP, MySQL, HTML5, jQuery and Twitter Bootstrap

e107 is a free and open-source content management system (CMS) which allows you to manage and publish your content online with ease. Developers can save time in building websites and powerful online applications. Users can avoid programming completely! Blogs, websites, intranets – e107 does it all.

e107 Content Management System 298 Dec 17, 2022
Monstra is a modern and lightweight Content Management System.

Monstra is a modern and lightweight Content Management System.

Monstra Content Management 398 Dec 11, 2022
Flextype is an open-source Hybrid Content Management System with the freedom of a headless CMS and with the full functionality of a traditional CMS

Flextype is an open-source Hybrid Content Management System with the freedom of a headless CMS and with the full functionality of a traditional CMS. Building this Content Management System, we focused on simplicity. To achieve this, we implemented a simple but powerful API's.

Flextype 524 Dec 30, 2022
The repository for Coaster CMS (coastercms.org), a full featured, Laravel based Content Management System

The repository for Coaster CMS (coastercms.org) a Laravel based Content Management System with advanced features and Physical Web integration. Table o

Coaster CMS 392 Dec 23, 2022
Coaster CMS a full featured, Laravel based Content Management System

The repository for Coaster CMS (coastercms.org) a Laravel based Content Management System with advanced features and Physical Web integration. Table o

Coaster CMS 392 Dec 23, 2022
Soosyze CMS is a minimalist content management system in PHP, without database to create and manage your website easily

Soosyze CMS is a content management system without a database. It's easy to create and manage you

Soosyze 41 Jan 6, 2023
Fully CMS - Multi Language Content Management System - Laravel

Fully CMS Laravel 5.1 Content Managment System not stable! Features Laravel 5.1 Bootstrap Authentication Sentinel Ckeditor Bootstrap Code Prettify Fil

Sefa Karagöz 479 Dec 22, 2022
A small CMS for SaaS - A tiny content management system

Fervoare CMS A tiny content management system Project created in 2012 and ported to GitHub in 2021. Getting started Assuming you have installed a LAMP

Mark Jivko 3 Oct 1, 2022
Simple Content Management System (CMS) Blog Using Codeigniter with Hierarchical Model View Controller (HMVC) Architectural

Simple Content Management System (CMS) Blog Using Codeigniter with Hierarchical Model View Controller (HMVC) Architectural This is my source code trai

Simon Montaño 1 Oct 28, 2021