Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Advanced Guestbook 多个错误信息漏洞
Vulnerability Description
Advanced Guestbook 允许远程攻击者借助一个提交到(a)lang/codes-english.php或(b)image.php的无效的(1)GB_TBL参数(显示数据库名);到index.php的无效的(2)GB_DB 参数(显示安装路径)或对不带有任何参数或cookies的index.php的一个直接请求(显示安装路径),获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A