Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in action_admin/paysubscriptions.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote authenticated administrators to include and execute arbitrary local PHP files via a .. (dot dot) in the name parameter, preceded by enough backspace (%08) characters to erase the initial static portion of a filename.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Invision Power Board action_admin/paysubscriptions.php 目录遍历漏洞
Vulnerability Description
20060425之前的Invision Power Board (IPB) 2.1.x和2.0.x版本中的action_admin/paysubscriptions.php中存在目录遍历漏洞。这使得远程攻击者可以借助于name参数中的..(两个点)包含并执行任意本地PHP文件,在..之前有足够多的空格字符(%08)以擦除文件名中的初始静态部分。
CVSS Information
N/A
Vulnerability Type
N/A