Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kubix 多个目录遍历漏洞
Vulnerability Description
Kubix 0.7及之前版本中存在多个目录遍历漏洞。远程攻击者可以(1)借助到index.php的theme cookie中的".."序列,包含和运行任意的本地文件。它没有被includes/head.php正确的处理;(2)借助add_dl操作中到adm_index.php的文件参数中的".."序列,读取任意文件,比如读取connect.php。
CVSS Information
N/A
Vulnerability Type
N/A