Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GONiCUS System Administrator远程文件包含漏洞
Vulnerability Description
GOnicus System Administrator是一款基于PHP的管理LDAP数据库中的帐户/系统的工具。 部分PHP脚本对用户提供的输入缺少充分过滤,远程攻击者可以利用这个漏洞包含远程服务器上的文件,以WEB进程权限执行恶意文件中的任意命令。 下面的PHP脚本由于对包含文件的请求缺少正确检查,可以设置plugin变量来执行远程服务器上的任意文件: plugins/3fax/1blocklists/index.php plugins/2administration/6departamentadmi
CVSS Information
N/A
Vulnerability Type
N/A