Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
bcoos 'include/common.php' 目录遍历漏洞
Vulnerability Description
bcoos的include/common.php存在目录遍历漏洞,远程攻击者借助modules/news/的默认URI的xoopsOption[pagetype]参数(参数包含一个"..")包含和执行任意本地文件。注意:该问题能通过产品合理的文件上传功能上载包含代码的文件,包括该文件实施杠杆化(增加威胁)。
CVSS Information
N/A
Vulnerability Type
N/A