Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
e107 'ibrowser.php'执行任意PHP代码
Vulnerability Description
e107 0.75和更早版本,在输入数据包含的数值参数值与字母数字参数的杂凑值匹配时,未适当取消设置变量,远程攻击者可以通过e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php中的tinyMCE_imglib_include image/jpeg参数执行任意PHP代码,如通过多部分/形式的数据请求所示。
CVSS Information
N/A
Vulnerability Type
N/A