Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBB eXtreme Styles模块'admin_xs.php' 本地文件包含漏洞
Vulnerability Description
phpBB是非常流行的WEB论坛程序。 phpBB的eXtreme Styles模块处理用户请求数据时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上执行任意命令。 如果设置了setmodules的话,phpBB的eXtreme Styles模块(XS-Mod)的admin/admin_xs.php文件中没有正确地验证对phpEx参数的输入便用于包含文件,攻击者通过目录遍历攻击包含本地资源的任意文件。成功攻击要求打开了register_globals。
CVSS Information
N/A
Vulnerability Type
N/A