Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and earlier allows remote authenticated users to read and include arbitrary files via the PNSVlang cookie, as demonstrated by uploading a GIF image using AddDownload or injecting PHP code into a log file, then accessing it.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MDPro error.php 目录遍历漏洞
Vulnerability Description
MD-Pro 1.0.76及之前版本的error.php中存在目录遍历漏洞。远程认证用户可以借助PNSVlang cookie,读取和包含任意文件。比如通过使用AddDownload或注入PHP代码到日志文件来上传一个GIF图像,然后再访问它。
CVSS Information
N/A
Vulnerability Type
N/A