Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP包含文件相对目录信息泄露漏洞
Vulnerability Description
PHP是使用广泛的脚本语言,主要用于WEB开发和CGI编程。 当使用Apache服务器时,一些默认配置的PHP版本存在路径泄漏的漏洞。 如果PHP包含文件使用相对目录,可能引起包含引用失败。在PHP文件尾部添加斜杠'/',然后提交请求,将返回错误信息和包含文件的完整路径。 'Require'引用一样存在这个问题。
CVSS Information
N/A
Vulnerability Type
N/A