Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XOOPS Mainfile.PHP 本地文件包含漏洞
Vulnerability Description
XOOPS 2.0.13.2及之前版本的mainfile.php在启用register_globals时,远程攻击者借助(1)对misc.php的xoopsConfig[language]或(2)对index.php的xoopsConfig[theme_set],进行目录遍历攻击或包含PHP文件,比如将PHP序列注入日志文件。
CVSS Information
N/A
Vulnerability Type
N/A