Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attackers to remotely include and execute malicious PHP files via the "subpath" variablein (1) entete.php, (2) enteteacceuil.php, (3) index.php, or (4) newtopic.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Benjamin Lefevre Dobermann Forum远程文件包含漏洞
Vulnerability Description
dobermann FORUM是一款由PHP编写基于WEB的论坛程序。 dobermann FORUM中部分脚本不正确使用Include()函数,远程攻击者可以利用这个漏洞包含远程服务器上的任意文件,导致文件中的代码以WEB进程权限执行。 论坛中entete.php,enteteacceuil.php,topic/entete.php脚本使用了如下代码: <?php @include $$subpath."banniere.php "; > 但是没有对变量$$subpath进行定义,攻击者可以在自己控制的
CVSS Information
N/A
Vulnerability Type
N/A