Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the cfg parameter for (1) 14all.cgi, (2) 14all-1.1.cgi, (3) traffic.cgi, or (4) mrtg.cgi.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MRTG CGI远程读取任意文件漏洞
Vulnerability Description
多路由器流量图示(Multi Router Traffic Grapher)是一个监视网络节点上流量的软件。MRTG生成包含GIF动画的HTML页面来表示出一个当时网络流量的图示。 MRTG CGI程序实现上存在输入验证错误,远程攻击者可以利用这个漏洞浏览主机上任意有权限读取的文件。 问题在于MRTG的一些CGI脚本未对用户输入做充分的过滤,远程攻击者通过在输入里插入"../"字串可以遍历主机上的目录,读取任意Web进程有权限读取的文件。受此漏洞影响的脚本程序有mrtg.cgi、traffic.cgi、1
CVSS Information
N/A
Vulnerability Type
N/A