漏洞标题
N/A
漏洞描述信息
在SolidState 0.4及更早版本中,SolidState存在多个PHP远程文件包含漏洞,允许远程攻击者通过 manager/pages/ scripts中的base_path参数的URL执行任意PHP代码,包括(1) AccountsPage.class.php,(2) AddInvoicePage.class.php,(3) AddIPAddressPage.class.php,(4) AddPaymentPage.class.php,(5) AddTaxRulePage.class.php,(6) AssignDomainPage.class.php,(7) AssignHostingPage.class.php,(8) AssignProductPage.class.php,(9) BillingPage.class.php,(10) BillingPaymentPage.class.php,(11) BrowseAccountsPage.class.php,(12) BrowseInvoicesPage.class.php,(13) ConfigureEditUserPage.class.php,(14) ConfigureNewUserPage.class.php,(15) ConfigureNewUserReceiptPage.class.php,(16) ConfigureUsersPage.class.php,(17) DeleteAccountPage.class.php,(18) DeleteDomainServicePage.class.php,(19) DeleteHostingServicePage.class.php,(20) DeleteInvoicePage.class.php,(21) DeleteProductPage.class.php,(22) DeleteServerPage.class.php,(23) DomainServicesPage.class.php,(24) DomainsPage.class.php,(25) EditAccountPage.class.php,(26) EditDomainPage.class.php,(27) EditDomainServicePage.class.php,(28) EditHostingServicePage.class.php,(29) EditPaymentPage.class.php,(30) EditProductPage.class.php,(31) EditServerPage.class.php,(32) EmailInvoicePage.class.php,(33) ExecuteOrderPage.class.php,(34) ExpiredDomainsPage.class.php,(35) FulfilledOrdersPage.class.php,(36) GenerateInvoicesPage.class.php,(37) HomePage.class.php,(38) InactiveAccountsPage.class.php,(39) IPManagerPage.class.php,(40) LoginPage.class.php,(41) LogPage.class.php,(42) ModulesPage.class.php,(43) NewAccountPage.class.php,(44) NewDomainServicePage.class.php,(45) NewProductPage.class.php,(46) OutstandingInvoicesPage.class.php,(47) PendingAccountsPage.class.php,(48) PendingOrdersPage.class.php,(49) PrintInvoicePage.class.php,(50) ProductsPage.class.php,(51) RegisterDomainPage.class.php,(52) RegisteredDomainsPage.class.php,(53) ServersPage.class.php,(54) ServicesHostingServicesPage.class.php,(55) ServicesNewHostingPage.class.php,(56) ServicesPage.class.php,(57) ServicesWebHostingPage.class.php,(58) SettingsPage.class.php,(59) TaxesPage.class.php,(60) TransferDomainPage.class.php,(61) ViewAccountPage.class.php,(62) ViewDomainServicePage.class.php,(63) ViewHostingServicePage.class.php,(64) ViewInvoicePage.class.php,(65) ViewLogMessagePage.class.php,(66) ViewOrderPage.class.php,(67) ViewProductPage.class.php,(68) ViewServerPage.class.php,(69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php,(71) modules/SolidStateModule.class.php,(72) modules/authorizeaim/authorizeaim.class.php,(73) modules/authorizeaim/pages/AAIMConfigPage.class.php."
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
SolidState 'manager/pages/'多个PHP远程文件包含漏洞
漏洞描述信息
SolidState中存在多个PHP远程文件包含漏洞,远程攻击者可以通过manager/pages/目录下某些脚本的base_path参数中的URL执行任意PHP代码,这些脚本包括:(1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDoma
CVSS信息
N/A
漏洞类别
授权问题