Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
A.l-Pifou 多个目录遍历漏洞
Vulnerability Description
A.l-Pifou 1.8p2中存在目录遍历漏洞,远程攻击者可以通过ze_langue_02 cookie中的".."序列读取任意文件,如使用choix_langue.php的choix_lng参数直接设置cookie,然后访问livre_dor.php来触发从inc/change_lang_ck.php进行包含所示,这可能与livre_livre.php相关。
CVSS Information
N/A
Vulnerability Type
N/A