Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
W-Agora 多个输入验证漏洞
Vulnerability Description
w-Agora(Web-Agora)允许远程攻击者借助一个对包含有无效的(1)站点或(2)bn参数,(3)site[]参数的特定值或(4)bn[]参数的一个空值的请求,对index.php的包含有(5)site[]或(6)sort[]参数的特定值的请求;对profile.php的包含有site[]参数的空值的请求;或对search.php的包含有bn[]参数的空值或(9)pattern[]或(10)search_date[]参数的特定值,获得敏感信息。这会在不同的错误信息中显示路径。注意:提交到index
CVSS Information
N/A
Vulnerability Type
N/A