漏洞标题
DeShang DSShop MemberAuth.php 路径遍历
漏洞描述信息
在DeShang DSShop版本2.1.5及以上发现了一个被视为关键的漏洞。该漏洞影响文件application/home/controller/MemberAuth.php中未知的部分。通过操纵参数member_info,可以实现路径遍历: '../filedir'。远程启动攻击是可能的。漏洞利用已公开发布,可能被使用。该漏洞的标识符为VDB-250437。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
漏洞类别
对路径名的限制不恰当(路径遍历)
漏洞标题
DeShang DSShop MemberAuth.php path traversal
漏洞描述信息
A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
漏洞类别
路径遍历:’../filedir’
漏洞标题
DeShang DSShop 安全漏洞
漏洞描述信息
DeShang DSShop是中国德尚(DeShang)公司的一款单店铺移动商城网店系统。 DeShang DSShop 2.1.5 版本之前存在安全漏洞,该漏洞源于文件 application/home/controller/MemberAuth.php 对参数 member_info 的操作导致路径遍历。
CVSS信息
N/A
漏洞类别
其他