Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kayako eSupport 'autoclose.php' 远程文件包含漏洞
Vulnerability Description
Kayako eSupport是基于Web的后台技术支应用程序。 Kayako eSupport对用户请求的处理上存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 Kayako eSupport的esupport/admin/autoclose.php脚本没有正确的过滤subd变量参数的输入,允许攻击者通过包含本地或外部资源导致执行任意代码。 相关的漏洞代码如下: require_once $subd . "functions.php";
CVSS Information
N/A
Vulnerability Type
N/A