Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .. (dot dot) in the p parameter, which reads the target file and attempts to execute the line using Perl's eval function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Avenger's News System目录遍历漏洞
Vulnerability Description
Avenger's News System (ANS)是用Perl编写的基于表单的WEB更新、管理工具,可运行于绝大多数Unix/Linux系统上。 ANS没有过滤URL请求中的"../",容易遭受目录遍历攻击,导致任意WEB Server进程有权读取的文件内容泄漏。 在ANS的配置文件中定义了$QUERY变量 <define QUERY>"$ENV{'QUERY_STRING'}" ANS实现中存在如下代码处理URL POST请求 if (substr($QUERY, 0, 2) eq "p=") {
CVSS Information
N/A
Vulnerability Type
N/A