漏洞标题
N/A
漏洞描述信息
Grayscale BandSite CMS 允许远程攻击者通过直接请求 (1) 包含在 include/content 目录中的某些文件,(2) include/shows_preview.php 和 adminpanel/configform.php 中的某些文件;以及 adminpanel/includes/ 中的文件,包括 (4) mailinglist/disphtmltbl.php,(5) mailinglist/dispxls.php,(6) mailinglist/sendshows.php,(7) previews/preview_bio.php,(8) previews/preview_genmerch.php,(9) previews/preview_fliers.php,(10) previews/preview_gbook.php,(11) previews/preview_interviews.php,(12) previews/preview_links.php,(13) previews/preview_lyrics.php,(14) previews/preview_membio.php,(15) previews/preview_merchphotos.php,(16) previews/preview_mp3s.php,(17) previews/preview_news.php,(18) previews/preview_photos.php,(19) previews/preview_releases.php,(20) previews/preview_relmerch.php,(21) previews/preview_relphotos.php,(22) previews/preview_reviews.php,(23) previews/preview_shows.php,(24) previews/preview_wearmerch.php,(25) change_forms/change_bio.php,(26) change_forms/change_fliers.php,(27) change_forms/change_gbook.php,(28) change_forms/change_gen_merch.php,(29) change_forms/change_interview.php,(30) change_forms/change_links.php,(31) change_forms/change_lyrics.php,(32) change_forms/change_members.php,(33) change_forms/change_merch.php,(34) change_forms/change_merch_pic.php,(35) change_forms/change_mp3s.php,(36) change_forms/change_news.php,(37) change_forms/change_photos.php,(38) change_forms/change_rel_merch.php,(39) change_forms/change_rel_pic.php,(40) change_forms/change_releases.php,(41) change_forms/change_reviews.php,(42) change_forms/change_shows.php,(43) change_forms/change_wear_merch.php,其中错误消息揭示了路径。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) previews/preview_bio.php, (8) previews/preview_genmerch.php, (9) previews/preview_fliers.php, (10) previews/preview_gbook.php, (11) previews/preview_interviews.php, (12) previews/preview_links.php, (13) previews/preview_lyrics.php, (14) previews/preview_membio.php, (15) previews/preview_merchphotos.php, (16) previews/preview_mp3s.php, (17) previews/preview_news.php, (18) previews/preview_photos.php, (19) previews/preview_releases.php, (20) previews/preview_relmerch.php, (21) previews/preview_relphotos.php, (22) previews/preview_reviews.php, (23) previews/preview_shows.php, (24) previews/preview_wearmerch.php, (25) change_forms/change_bio.php, (26) change_forms/change_fliers.php, (27) change_forms/change_gbook.php, (28) change_forms/change_gen_merch.php, (29) change_forms/change_interview.php, (30) change_forms/change_links.php, (31) change_forms/change_lyrics.php, (32) change_forms/change_members.php, (33) change_forms/change_merch.php, (34) change_forms/change_merch_pic.php, (35) change_forms/change_mp3s.php, (36) change_forms/change_news.php, (37) change_forms/change_photos.php, (38) change_forms/change_rel_merch.php, (39) change_forms/change_rel_pic.php, (40) change_forms/change_releases.php, (41) change_forms/change_reviews.php, (42) change_forms/change_shows.php, and (43) change_forms/change_wear_merch.php, which reveals the path in various error messages.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Grayscale BandSite CMS 多个输入验证漏洞
漏洞描述信息
Grayscale BandSite CMS可让远程攻击者通过直接请求以下文件,在各种错误消息中揭示路径,从而获取敏感信息:(1)includes/content目录中的某些文件,(2)includes/shows_preview.php和(3)adminpanel/configform.php;以及adminpanel/includes/中的文件,包括(4) mailinglist/disphtmltbl.php、(5)mailinglist/dispxls.php、(6)mailinglist/sen
CVSS信息
N/A
漏洞类别
授权问题