Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBB Nivisec Hacks List模块 目录遍历漏洞
Vulnerability Description
phpBB是一种用PHP语言实现的基于Web的开放源码论坛程序,使用较为广泛。它支持多种数据库作为后端,如Oracle、MSSQL、MySql、PostGres等等。 phpBB的实现上存在输入验证漏洞,远程攻击者可能利用此漏洞读取系统文件造成信息泄露。 phpBB的admin/admin_hacks_list.php文件中没有正确过滤phpEx变量,允许远程攻击者向phpBB.board_config[default_lang]包含任意本地文件。漏洞代码在admin_hacks_list.php的30-
CVSS Information
N/A
Vulnerability Type
N/A