I. CVE-2006-0909 Basic Information
Vulnerability Title
N/A
Source: AIGC Shenlong large model
Vulnerability Description
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information by directly requesting multiple PHP scripts that include the full path in error messages, including (1) pear/text/diff/renderer/inline.php, (2) pear/text/diff/renderer/unified.php, (3) pear/text/diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, and (21) usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, and (29) post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php and (34) search_mysql_man.php in the sources/lib/ directory; (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
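Source: AIGC Shenlong large model
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: AIGC Shenlong large model
Vulnerability Category
N/A
Source: AIGC Shenlong large model
Vulnerability Title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description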
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
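Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Invision Power Board Multiple PHP Scripts Sensitive Information Disclosure Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description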
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers, by means of multiple PHP scripts (which include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; sources/s
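Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Category
Authorization issue
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for CVE-2006-0909
# POC Description Source Link Shenlong Link
III. Intelligence Information for CVE-2006-0909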