N/A

Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php with a postek parameter containing PHP code, which is injected into a file in the kg directory, and then included by sesskglogadmin.php.

N/A

N/A

KGB 'Sesskglogadmin.PHP' 本地文件包含漏洞

KGB 1.9及之前版本的sesskglogadmin.php中存在目录遍历漏洞。远程攻击者可以借助skinnn参数中的..，来包含本地文件。比如通过一个包含PHP代码的postek参数来调用kg.php。PHP代码会被注入到kg目录中的一个文件，然后被sesskglogadmin.php包含。

N/A

N/A