Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ISPConfig 多个远程文件包含漏洞
Vulnerability Description
** 有争议 ** ISPConfig 2.2.3存在多个PHP远程文件包含路漏洞。远程攻击者可以借助 (a) server.inc.php中的(1) go_info[isp][classes_root]参数, 以及(b) app.inc.php, (c) login.php和(d) trylogin.php中的(2) go_info[server][classes_root]参数,执行任意PHP代码。注: 厂商对此提出反驳,声称原研究者"研究了与安装后产生的系统不同的安装 tarball。 宣称的 $g
CVSS Information
N/A
Vulnerability Type
N/A