漏洞标题
N/A
漏洞描述信息
**争议**
phpWebSite 0.10.2中多个PHP远程文件包含漏洞允许远程攻击者通过(1)init.php,(2)users.php,(3)Cookie.php,(4)forms.php,(5)Groups.php,(6)ModSetting.php,(7)Calendar.php,(8)DateTime.php,(9)core.php,(10)ImgLibrary.php,(11)Manager.php和(12)Template.php以及(13)EZform.php中的PHP源文件URL执行任意的PHP代码。
注意:CVE反驳此报告,因为“PHPWS_SOURCE_DIR”被定义为常量,而不是作为变量访问。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple PHP remote file inclusion vulnerabilities in phpWebSite 0.10.2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPWS_SOURCE_DIR parameter in (1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php, and (13) EZform.php. NOTE: CVE disputes this report, since "PHPWS_SOURCE_DIR" is defined as a constant, not accessed as a variable
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
已注销:PHPWebSite 多个远程文件包含漏洞
漏洞描述信息
phpWebSite 0.10.2中的多个PHP远程文件包含漏洞,远程攻击者可以通过(1) init.php, (2) users.php, (3) Cookie.php, (4) forms.php, (5) Groups.php, (6) ModSetting.php, (7) Calendar.php, (8) DateTime.php, (9) core.php, (10) ImgLibrary.php, (11) Manager.php, and (12) Template.php和(13) E
CVSS信息
N/A
漏洞类别
授权问题