Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPKit UNC路径远程文件包含漏洞
Vulnerability Description
PHPKIT是一套基于Web的内容管理系统(CMS)。该系统提供论坛、留言板等模块。 PHPKIT处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。PHPKIT的include.php没有正确验证path参数中的数据,远程攻击者可以在输入中插入UNC路径或FTPS资源,包含远程服务器上的SMB或FTP服务器的PHP脚本代码执行。
CVSS Information
N/A
Vulnerability Type
N/A