漏洞标题
N/A
漏洞描述信息
在IBD Micro CMS 3.5(aka 0.3.5)中, micro_cms_files/microcms-include.php 模块中的PHP远程文件包含漏洞允许远程攻击者通过 microcms_path 参数中的 URL 执行任意的PHP代码。请注意,后来报道说,这也可以 leveraged 来通过..(dot dot)序列包含并执行任意本地文件。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter. NOTE: it was later reported that this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Implied By Design Micro CMS PHP远程文件包含漏洞
漏洞描述信息
Micro CMS是一款小型的基于AJAX的内容管理系统。 Implied By Design (IBD) Micro CMS 3.5版本中的micro_cms_files/microcms-include.php中存在PHP远程文件包含漏洞。远程攻击者可借助microcms_path参数中的URL执行任意PHP代码。
CVSS信息
N/A
漏洞类别
代码注入