Vulnerability Title
N/A
Vulnerability Description
In the Index library of Indexu version 5.0.1, multiple PHP remote file inclusion vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter: (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, (80) whos.php.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Category
N/A
Vulnerability Title
N/A
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
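CVSS Information
N/A
Vulnerability Category
N/A
Vulnerability Title
Indexu Multiple PHP Remote File Inclusion Vulnerabilities
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities exist in Indexu version 5.0.1. Remote attackers can execute arbitrary PHP code via a URL in the admin_template_path parameter to the following admin/ scripts, including: (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.ph
CVSS Information
N/A
Vulnerability Category
Authorization Issues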