Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the set parameter, as demonstrated by sending a certain CLIENT_IP HTTP header in an enter action to index.php, and injecting PHP sequences into files/enter.set, which is then included by index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SetCMS 'index.php'目录遍历漏洞
Vulnerability Description
SetCMS 3.6.5中的index.php中存在目录遍历漏洞。远程攻击者可以借助设置参数中的"..",执行和包含任意的本地文件。例如向index.php发送一个确定的CLIENT_IP HTTP header,以及注入PHP序列到files/enter.set里都可以证实这一点。而后者接着会被放入index.php中。
CVSS Information
N/A
Vulnerability Type
N/A