Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple direct static code injection vulnerabilities in db/txt.inc.php in phpPowerCards 2.10, when register_globals is enabled, allow remote attackers to create or overwrite arbitrary files via the (1) email[to], (2) email[from], (3) name[to], (4) name[from], (5) picture, (6) comment, or (7) sessionID parameter, as demonstrated by creating a new .php file that permits remote file inclusion, and then requesting this file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PhpPowerCards 'txt.inc.php'直接静态代码注入漏洞
Vulnerability Description
phpPowerCards 2.10的db/txt.inc.php中存在多个直接静态代码注入漏洞,在启用register_globals的情况下,远程攻击者可以通过(1)email[to],(2)email[from],(3)name[to],(4)name[from],(5)picture,(6)comment或(7)sessionID参数来创建或重写任意文件,例如通过创建一个新的允许远程文件注入的.php文件,然后请求该文件即可触发此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A