Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Stats多个输入验证和信息泄露漏洞
Vulnerability Description
在PHP-Stats 0.1.9.1及其早期版本中存在多个目录遍历漏洞,远程攻击者可以通过以下途径阅读和可能执行任意文件:在(1) 用于 (a) admin.php和(b)其它不明脚本中的选项[语言]和(2)选项[模板] 参数,和(3) 可能其它参数的..(该参数中包含..)。
CVSS Information
N/A
Vulnerability Type
N/A