Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a 'whatever="something"' sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPIDS 远程攻击漏洞
Vulnerability Description
PHPIDS 20070703版本之前的版本没有适当地处理(1)document.location.search和(2)document.referrer中的substr方法的使用; (3)document.location.hash的使用;(4)某"window[eval"和类似表达式;(5)某函数表达式;(6)某'='表达式,例如一个'whatever="something"'序列;以及(7)某"with"表达式,这会允许远程攻击者注入任意web脚本.
CVSS Information
N/A
Vulnerability Type
N/A