PHP-Fusion Viewthread.PHP信息披露漏洞

PHP-Fusion Viewthread.PHP信息披露漏洞

漏洞ID 1108443 漏洞类型 输入验证
发布时间 2005-02-08 更新时间 2005-10-20
图片[1]-PHP-Fusion Viewthread.PHP信息披露漏洞-安全小百科CVE编号 CVE-2005-0345
图片[2]-PHP-Fusion Viewthread.PHP信息披露漏洞-安全小百科CNNVD-ID CNNVD-200505-264
漏洞平台 PHP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/25089
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-264
|漏洞详情
php-fusion4.x的viewthread.php并不会检查(1)forum_id或(2)forum_cat参数,从而远程攻击者可以通过thread_id参数查看受保护的论坛。
|漏洞EXP
source: http://www.securityfocus.com/bid/12482/info

PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input.

It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable. 

http://www.example.com/fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2
|参考资料

来源:XF
名称:phpfusion-viewthread-obtain-information(19257)
链接:http://xforce.iss.net/xforce/xfdb/19257
来源:BUGTRAQ
名称:20050208php-fusion4.xvuln
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110788267311132&w;=2
来源:BID
名称:12482
链接:http://www.securityfocus.com/bid/12482

相关推荐: Cobalt RaQ2/RaQ3 Web Server Appliance cgiwrap bypass Vulnerability

Cobalt RaQ2/RaQ3 Web Server Appliance cgiwrap bypass Vulnerability 漏洞ID 1104183 漏洞类型 Configuration Error 发布时间 2000-05-23 更新时间 2000…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享