Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Xcms index.php 多个目录遍历漏洞
Vulnerability Description
XCMS中的index.php存在多个目录遍历漏洞。远程攻击者可以借助以下方式中的一个".." 读取任意文件 :(1)对管理员界面的s参数或者(2)对任意模块的 pg参数,读取 dati/membri/下的一个.dtb文件的无用口令或者 or在uploads/avatar/下的images植入PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A