一、 漏洞 CVE-2007-5641 基础信息
漏洞标题
N/A
来源:AIGC 神龙大模型
漏洞描述信息
在PHP项目管理0.8.10及更早版本中,多个PHP远程文件包含漏洞允许远程攻击者通过全路径参数中的URL执行任意PHP代码,包括(1) certinfo/index.php,(2) emails/index.php,(3) events/index.php,(4) fax/index.php,(5) files/index.php,(6) files/list.php,(7) groupadm/index.php,(8) history/index.php,(9) info/index.php,(10) log/index.php,(11) mail/index.php,(12) messages/index.php,(13) organizations/index.php,(14) phones/index.php,(15) presence/index.php,(16) projects/index.php,(17) projects/summary.inc.php,(18) projects/list.php,(19) reports/index.php,(20) search/index.php,(21) snf/index.php,(22) syslog/index.php,(23) tasks/searchsimilar.php,(24) tasks/index.php,(25) tasks/summary.inc.php,和(26) useradm/index.php在模块中;(27) /ajax/loadsplash.php;(28) /blocks/birthday.php;(29) /blocks/events.php;和(30) /blocks/help.php。
来源:AIGC 神龙大模型
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
来源:AIGC 神龙大模型
漏洞类别
N/A
来源:AIGC 神龙大模型
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
PHP Project Management 多个远程文件包含漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
PHP Project Management 0.8.10版本及其早期版本中存在多个PHP远程文件包含漏洞。远程攻击者可以借助对(1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.p
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
代码注入
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2007-5641 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2007-5641 的情报信息