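Vulnerability Title
N/A
Vulnerability Description
**Disputed**
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") of PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php. These are a different set of vectors than CVE-2006-4204. Note: a third-party researcher has questioned the impact of the cm_lib.inc.php vector, considering it limited to local file inclusion. CVE analysis as of 20060905 confirms this, although ftp URLs can be used. The remaining five vectors are also disputed by the same third-party researcher, who states that the path_pre variable is initialized by the time it is used.
CVSS Information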
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
N/A
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used.
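CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHProjekt Multiple PHP Remote File Inclusion Vulnerabilities
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in the "Content Management" module ("Content manager") of PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php.
CVSS Information
N/A
Vulnerability Type
Authorization issue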