漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
漏洞信息
N/A
漏洞
N/A
漏洞
lex Guestbook 'index.php' 目录遍历漏洞
漏洞信息
lex Guestbook 4.0.2及之前版本中存在多个目录遍历漏洞。远程攻击者可以借助提交到index.php的lang参数中的一个相对路径名,包含和运行任意的本地文件,借助提交到admin/skins.php的aj_skin和skin_edit参数,访问任意目录。
漏洞信息
N/A
漏洞
N/A