漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zomplog themes/default/目录遍历漏洞
Vulnerability Description
ZomPlog 3.7.6及之前版本的themes/default/中存在目录遍历漏洞。远程攻击者可以借助settings[skin]参数中的“..”操作符包含任意本地文件。
CVSS Information
N/A
Vulnerability Type
N/A