Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Net Portal Dynamic System (NPDS) admin/settings.php 静态代码注入漏洞
Vulnerability Description
Net Portal Dynamic System (NPDS) 5.10及之前版本的admin/settings.php中存在静态代码注入漏洞。远程认证用户可以借助"ConfigSave"项中提交到admin.php的xtop参数,注入任意的PHP代码。攻击者可以在之后,借助一个对admin.php的配置项,访问该文件。
CVSS Information
N/A
Vulnerability Type
N/A