Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
HotNews多个PHP文件包含漏洞
Vulnerability Description
HotNews是一款基于WEB的新闻发布系统。 HotNews存在多个文件包含问题,远程攻击者可以利用这个漏洞以WEB权限在系统上执行任意命令。 问题存在于hotnews-engine.inc.php3和hnmain.inc.php3中,这两个脚本对用户提交给"config[header]"和"config[incdir]"的URI参数缺少充分过滤,提交包含远程服务器上的恶意文件,可能以WEB进程权限执行恶意PHP脚本上的任意命令。
CVSS Information
N/A
Vulnerability Type
N/A