Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
MyCMS 多个输入验证漏洞
Vulnerability Description
MyCMS 0.9.8版本及其早期版本中存在多个直接静态代码注入漏洞。远程攻击者(1)可以借助score参数向_score.txt文件注入任意PHP代码,或(2)可以借助包含于games.php的一个登录cookie向 _setby.txt文件注入任意PHP代码。 注意:调用程序可能包括(a)snakep.php,(b)tetrisp.php,和可能的其他特定站点的文件。
CVSS Information
N/A
Vulnerability Type
N/A