Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Nuke Error Manager模块多个安全漏洞
Vulnerability Description
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke包含的错误管理模块存在多个安全问题,远程攻击者可以利用这个漏洞获得敏感路径信息或获得进行验证的敏感信息。 1)路径泄露问题 问题存在与error.php文件中,提交任意参数给'newlang',可返回包含应用程序安装路径的敏感信息。 2)跨站脚本执行攻击 问题存在与error.php文件中,由于对'pagetitle'和
CVSS Information
N/A
Vulnerability Type
N/A