Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Guestbara admin/configuration.php 直接静态代码注入漏洞
Vulnerability Description
Guestbara 1.2及之前版本的admin/configuration.php中存在直接静态代码注入漏洞。远程认证用户可以借助(1)admin_mail,(2)emotpatch,(3)login,(4)pass以及其他未明参数,注入任意的PHP代码到config.php文件。
CVSS Information
N/A
Vulnerability Type
N/A