漏洞标题
N/A
漏洞描述信息
adaIMC.99.3 在安装的.htaccess 文件中使用了不够严格的 FilesMatch 指令,这允许远程攻击者通过上传包含 (1) 功能,(2) 编辑器,(3) 新闻 wire,(4) otherpress,(5) 管理员,(6) pbook,(7) 媒体或 (8) 模块的文件来执行任意的 PHP 代码,这些文件处理为 PHP 文件类型(应用/x-httpd-php)。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php).
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
dadaIMC '.htaccess'文件任意PHP代码执行漏洞
漏洞描述信息
dadaIMC .99.3在已经安装的.htaccess文件中使用不充分限制的FilesMatch指令,远程攻击者可以通过上载文件名中含有(1)feature,(2)editor,(3)newswire,(4)otherpress,(5)admin,(6)pbook,(7)media或(8)mod的文件(当作PHP文件类型处理(application/x-httpd-php)来执行任意PHP代码。
CVSS信息
N/A
漏洞类别
授权问题