Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP remote file inclusion vulnerability in install.php3 in @cid stats 2.3 allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. NOTE: this issue has been disputed by a third party, who states that install.php3 is supposed to be deleted after installation and, if not deleted, intentionally allows setting repertoire without an inclusion attack
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
cid stats install.php3 PHP远程文件包含漏洞
Vulnerability Description
** 有争议 ** @cid stats 2.3的install.php3存在PHP远程文件包含漏洞。远程攻击者可以借助repertoire参数中的URL,执行任意PHP代码。注:有一第三方对此问题有争议,指出install.php3假定在安装之后删除,如果未删除,有意允许设置不带包含攻击的库。
CVSS Information
N/A
Vulnerability Type
N/A