Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in index.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter in a page view action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XZero Community Classifieds 目录遍历漏洞
Vulnerability Description
XZero Community Classifieds是一套基于PHP和MySQL的分类广告解决方案。该方案支持类别定制、内容安全防护和搜索引擎优化等。 XZero Community Classifieds 4.95.11及之前版本的index.php脚本中存在目录遍历漏洞。远程攻击者可借助page view操作中的‘pagename’参数中的目录遍历字符‘..’利用该漏洞包含和执行任意本地文件。
CVSS Information
N/A
Vulnerability Type
N/A