漏洞标题
N/A
漏洞描述信息
John Lim ADOdb Library for PHP 允许远程攻击者通过直接请求获取敏感信息(1)服务器.php,(2)adodb-errorpear.inc.php,(3)adodb-iterator.inc.php,(4)adodb-pear.inc.php,(5)adodb-perf.inc.php,(6)adodb-xmlschema.inc.php,和(7)adodb.inc.php; 文件在数据dict包括(8)数据dict-access.inc.php,(9)数据dict-db2.inc.php,(10)数据dict-generic.inc.php,(11)数据dict-ibase.inc.php,(12)数据dict-informix.inc.php,(13)数据dict-mssql.inc.php,(14)数据dict-mysql.inc.php,(15)数据dict-oci8.inc.php,和(16)数据dict-postgres.inc.php; 文件在驱动程序/包括(18)adodb-access.inc.php,(19)adodb-ado.inc.php,(20)adodb-ado_access.inc.php,(21)adodb-ado_mssql.inc.php,(22)adodb-borland_ibase.inc.php,(23)adodb-csv.inc.php,(24)adodb-db2.inc.php,(25)adodb-fbsql.inc.php,(26)adodb-firebird.inc.php,(27)adodb-ibase.inc.php,(28)adodb-informix.inc.php,(29)adodb-informix72.inc.php,(30)adodb-mssql.inc.php,(31)adodb-mssqlpo.inc.php,(32)adodb-mysql.inc.php,(33)adodb-mysqli.inc.php,(34)adodb-mysqlt.inc.php,(35)adodb-oci8.inc.php,(36)adodb-oci805.inc.php,(37)adodb-oci8po.inc.php,(38)adodb-odbc.inc.php,(39)adodb-odbc_mssql.inc.php,(40)adodb-odbc_oracle.inc.php,(41)adodb-oracle.inc.php,(42)adodb-postgres64.inc.php,(43)adodb-postgres7.inc.php,(44)adodb-proxy.inc.php,(45)adodb-sapdb.inc.php,(46)adodb-sqlanywhere.inc.php,(47)adodb-sqlite.inc.php,(48)adodb-sybase.inc.php,(49)adodb-vfp.inc.php; 测试/文件(56)基准.php,(57)客户端.php,(58)测试数据dict.php,(59)测试性能.php,(60)测试pgblob.php,(61)测试php5.php,(62)测试xmlschema.php,(63)测试.php,(64)测试2.php,(65)测试3.php,(66)测试4.php,(67)测试5.php,(68)测试_rs_array.php,(69)测试缓存.php,(70)测试数据库.inc.php,(71)测试genid.php,(72)测试mssql.php,(73)测试oci8.php,(74)测试oci8cursor.php,(75)测试paging.php,(76)测试pear.php,(77)测试 sessions.php,(78)时间.php,或(79)tmssql.php,其中各种错误消息揭示了路径。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
John Lim ADOdb Library for PHP 敏感信息泄露漏洞
漏洞描述信息
John Lim ADOdb Library for PHP中的日期程序库,可让远程攻击者通过直接请求以下文件,在各种错误消息中揭示路径,从而获取敏感信息:(1) server.php、(2)adodb-errorpear.inc.php、(3)adodb-iterator.inc.php、(4)adodb-pear.inc.php、(5)adodb-perf.inc.php、(6)adodb-xmlschema.inc.php和(7)adodb.inc.php;datadict中的文件,包括(8)dat
CVSS信息
N/A
漏洞类别
授权问题