Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Artmedic Newsletter Log.PHP 任意PHP代码执行漏洞
Vulnerability Description
artmedic newsletter 4.1及可能的其他版本在启用register_globals时,可以使远程攻击者借助对log.php的直接请求中的logfile参数,将$logfile变量重定义为由攻击者控制的值,以修改任意文件并执行任意PHP代码。比如将PHP代码注入info.php。
CVSS Information
N/A
Vulnerability Type
N/A