Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WSN Forum Avatar图象上传PHP代码执行漏洞
Vulnerability Description
WSN Forum 1.3.4和更早的版本允许远程攻击者通过pathtoconfig参数中修改的路径名(指向包含PHP代码的avatar图像,且代码稍后可以通过prestart.php访问)来执行任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A