Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. NOTE: it is possible that this issue stems from a problem in VWar itself, but this is not clear.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPNuke-Clan functions_common.php远程文件包含漏洞
Vulnerability Description
PHPNuke-Clan是一款开放源码的社区内容管理系统。 PHPNuke-Clan的VWAR模块实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 PHPNuke-Clan的 modules/vWar_Account/includes/functions_common.php 没有正确过滤war_root参数值,导致攻击者可以通过从外部或本地资源包含PHP脚本来执行任意PHP代码。成功攻击要求必须启用了register_globals。
CVSS Information
N/A
Vulnerability Type
N/A