漏洞标题
N/A
漏洞描述信息
在 GeekLog 1.4 中存在多个 PHP 远程文件包含漏洞,允许远程攻击者通过 _CONF[path] 参数中的 URL 执行任意代码,这些漏洞包括:(1) links/functions.inc,(2) polls/functions.inc,(3) spamx/BlackList.Examine.class.php,(4) spamx/DeleteComment.Action.class.php,(5) spamx/EditIPofURL.Admin.class.php,(6) spamx/MTBlackList.Examine.class.php,(7) spamx/MassDelete.Admin.class.php,(8) spamx/MailAdmin.Action.class.php,(9) spamx/Mass DelTrackback.Admin.class.php,(10) spamx/EditHeader.Admin.class.php,(11) spamx/EditIP.Admin.class.php,(12) spamx/IPofUrl.Examine.class.php,(13) spamx/Import.Admin.class.php,(14) spamx/LogView.Admin.class.php,(15) staticpages/functions.inc,在插件/目录中。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Geeklog多个远程文件包含漏洞
漏洞描述信息
GeekLog存在多个PHP远程文件包含漏洞,远程攻击者可通过传给在plugins/目录下的(1)links/functions.inc,(2)polls/functions.inc,(3)spamx/BlackList.Examine.class.php,(4)spamx/DeleteComment.Action.class.php,(5)spamx/EditIPofURL.Admin.class.php,(6)spamx/MTBlackList.Examine.class.php,(7)spamx/M
CVSS信息
N/A
漏洞类别
授权问题