漏洞标题
N/A
漏洞描述信息
daverave Link Bank中的add_link.txt文件的直接静态代码注入漏洞允许远程攻击者通过url_name参数执行任意的PHP代码,而该参数在存储在links.txt文件中之前并未进行过滤,随后在include语句中使用。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Link Bank ‘add_link.txt’直接静态代码注入漏洞
漏洞描述信息
在daverave Link Bank的add_link.txt中存在直接静态代码注入漏洞,远程攻击者可通过以下途径执行任意PHP代码:在存储到links.txt中之前,未经清洁的url_name参数,以后会用在包含叙述中。
CVSS信息
N/A
漏洞类别
授权问题