Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '{' and '}' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "{user.password}" comment in the profile of the admin user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHPizabi 'template.class.php' 远程信息泄露漏洞
Vulnerability Description
PHPizabi 0.848b C1 HFP3的template.class.php的AssignUser函数在由 '{' and '}'字符划界的字符串中执行不安全的宏阔张,这会引起远程认证用户通过一个包含宏的注释(例如,在管理用户的剖面图的一个"{user.password}" 注释),以获得敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A