Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Nuke Modpath参数文件包含漏洞
Vulnerability Description
PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke存在文件包含问题,远程攻击者可以利用这个漏洞以WEB进程权限查看系统任意文件内容。 PHP-Nuke对用户提交给'modpath'参数的数据缺少过滤,攻击者可以指定远程服务器上的恶意文件作为包含文件,可以以WEB进程权限执行恶意文件中的任意代码。
CVSS Information
N/A
Vulnerability Type
N/A