漏洞标题
N/A
漏洞描述信息
"在phpCOIN 1.2.3版本中存在多个PHP远程文件包含漏洞,允许远程攻击者通过coin_includes脚本中的_CCFG[_PKG_PATH_INCL]参数,包括(1)api.php,(2)common.php,(3)core.php,(4)custom.php,(5)db.php,(6)redirect.php或(7)session_set.php,执行任意的PHP代码。请注意:此信息的来源未知;详细信息来自第三方信息。"
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
phpCOIN 多个PHP远程文件包含漏洞
漏洞描述信息
phpCOIN 1.2.3中存在多个PHP远程文件包含漏洞,远程攻击者可借助coin_includes类脚本中的_CCFG[_PKG_PATH_INCL]参数执行任意PHP代码,具体脚本包括:(1) api.php,(2) common.php,(3) core.php,(4) custom.php,(5) db.php,(6) redirect.php或 (7) session_set.php脚本。
CVSS信息
N/A
漏洞类别
授权问题