漏洞标题
N/A
漏洞描述信息
在Naked CMS 0.5.2模块/ catalog/upload_photo.php中,存在PHP远程文件包含漏洞。当 magic_quotes_gpc 被禁用并启用 register_globals 时,允许远程攻击者通过 core[system_path] 参数中的URL执行任意的 PHP 代码。注意:某些这些信息是从第三方信息获得的。
CVSS信息
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the core[system_path] parameter. NOTE: some of these details are obtained from third party information.
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Jeffkilroy Nakid CMS 'modules/catalog/upload_photo.php'PHP远程文件包含漏洞
漏洞描述信息
Nakid CMS 0.5.2的modules/catalog/upload_photo.php存在PHP远程文件包含漏洞。当magic_quotes_gpc被禁止时,远程攻击者可以借助core[system_path]参数执行任意的PHP代码。
CVSS信息
N/A
漏洞类别
代码注入