N/A

Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, and (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php and (7) profile.php in members/; (8) index.php and (9) fullview.php in news/; and (10) nopermission.php.

N/A

N/A

Exero CMS 'index.php' 多个目录遍历漏洞

Exero CMS 1.0.1的默认主题(Default theme)中的多个目录遍历漏洞。远程攻击者通过主体参数中的目录遍历序列到达(1) index.php, (2) editpassword.php, 和 (3) avatar.php in usercp/; (4) custompage.php; (5) errors/404.php; (6) memberslist.php 与 (7) profile.php in members/; (8) index.php and (9) fullview.

N/A

N/A