Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Turnkey Web Tools PHP Live Helper 'initiate.php'目录遍历漏洞
Vulnerability Description
在Turnkey Web Tools PHP Live Helper 1.8,和可能后续版本的(1) initiate.php和(2)可能其它PHP脚本中存在目录遍历漏洞,远程经过身份验证的用户可通过language cookie中的目录遍历序列来包含和执行任意本地文件,如在用于userS.php中的gl_session cookie上载PHP代码中所示那样,引起代码被存于error.log中,然后被initiate.php所包含。
CVSS Information
N/A
Vulnerability Type
N/A