Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Event Calendar多个安全漏洞
Vulnerability Description
Event Calendar是一款phpnuke的事件日历模块。 Event Calendar没有充分过滤用户提交的URL数据,远程攻击者可以利用这个漏洞进行SQL和跨站脚本攻击,可获得敏感信息。 问题一是"config.php"脚本存在路径泄露问题: 直接提交"config.php"脚本可获得包含路径信息的错误消息,另外对'index.php '和'submit.php'的请求也存在此漏洞。 问题二是存在跨站脚本问题: 由于对用户提交的HTML恶意代码缺少充分过滤,部分参数可导致输入恶意代码,当其他用户
CVSS Information
N/A
Vulnerability Type
N/A