Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ExBB italia 安全绕过漏洞
Vulnerability Description
ExBB Italia 0.22及其早期版本只对使用QUERY_STRING来进行某些路径操作的GET请求进行检查,远程攻击者通过(1) POST 或 (2) COOKIE 变量来绕过检查。该漏洞不同于CVE-2006-4488。注意:该漏洞还可以进一步扩大到通过在(a) new_exbb[home_path] 或(b) exbb[home_path] 参数中的一个URL到达modules/threadstop/threadstop.php来执行PHP远程文件包括攻击。
CVSS Information
N/A
Vulnerability Type
N/A