Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBannerExchange resetpw.php sql注入漏洞
Vulnerability Description
phpBannerExchange 2.0 Update 6之前版本中的resetpw.php存在解释冲突。远程攻击者可以借助e-mail地址之后含有空(%00) 字符的email参数, 通过eregi PHP命令中的验证检查,从而执行任意SQL命令。 注意: 有人可能认为此漏洞是由 eregi PHP命令中的bug所致,应当在PHP中进行适当修复;如果是这样,则不应将其视为phpBannerExchange中的漏洞。
CVSS Information
N/A
Vulnerability Type
N/A