Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
(JAF) CMS 敏感信息泄露漏洞
Vulnerability Description
(JAF) CMS 3.0 Final之前版本中又一个flat文件存在安全漏洞,远程攻击者可借助提交到index.php脚本中的:(1) id参数中一个*(星号),(2) 一个空id参数,或(3) disp参数中一个*(星号),来获取敏感信息。这些参数会在出错消息中泄漏路径信息。注:漏洞追踪说明这可能属于目录遍历漏洞或文件包含漏洞。
CVSS Information
N/A
Vulnerability Type
N/A