Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter. NOTE: this issue has been disputed by a third party who states that the RootDirectory parameter is initialized before being used, for version 1.0. CVE analysis concurs with the dispute, but it is unclear whether older versions are affected
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Lussumo Vanilla 'upgrader.php' RootDirectory远程文件包含漏洞
Vulnerability Description
Vanilla是一个开源的多语言、完全可扩展的论坛程序。 Vanilla处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 Vanilla的steup/upgrader.php脚本没有对RootDirectory目录做充分的检查过滤,攻击者可以使之包含远程服务器上的PHP脚本代码执行。
CVSS Information
N/A
Vulnerability Type
N/A