Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Magic Winmail服务器LDapLib.PHP远程安装路径泄露漏洞
Vulnerability Description
AMAX Magic Winmail服务器3.6版本存在漏洞。远程攻击者可以通过输入(1)如"()"的无效字符或(2)netaddressbook.php web form表格的Lookup字段的超多字符获得敏感信息,当ldap_search函数失败时在ldaplib.php出错消息中泄露路径。该漏洞归因于对$keyword变量的不正确处理。
CVSS Information
N/A
Vulnerability Type
N/A