PHP-Proxima – ‘autohtml.php’ Information Disclosure

PHP-Proxima – ‘autohtml.php’ Information Disclosure

漏洞ID 1053870 漏洞类型
发布时间 2003-05-14 更新时间 2003-05-14
图片[1]-PHP-Proxima – ‘autohtml.php’ Information Disclosure-安全小百科CVE编号 N/A
图片[2]-PHP-Proxima – ‘autohtml.php’ Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22603
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7598/info

A vulnerability has been reported for PHP-Proxima. The problem occurs in the autohtml.php script. Specifically, the script fails to verify the contents of a user-supplied variable before including a specified file into an HTML file. As a result, a malicious remote user may be capable of using this as a channel to disclose the contents of arbitrary local system files.

It should be noted that all local files would be accessed with the privileges of user invoking PHP-Proxima. 

http://www.target.org/autohtml.php?op=modload&mainfile=x&name=filename

相关推荐: PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability

PHP socket_recvfrom() Signed Integer Memory Corruption Vulnerability 漏洞ID 1100575 漏洞类型 Failure to Handle Exceptional Conditions 发布…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享