Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in install_mod.php in insanevisions OneCMS 2.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter in a go action.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Insane Visions OneCMS load参数本地文件包含漏洞
Vulnerability Description
OneCMS是为网络游戏站点设计的内容管理系统。 OneCMS实现上存在输入验证漏洞,远程攻击者可以通过提交恶意的HTTP请求包含本地资源的任意文件,导致泄露敏感信息。 当act设置为go的时候,OneCMS的install_mod.php文件中没有正确过滤对load参数的输入便用于包含文件: $mod = $_GET['load']; $filexp = explode(".", $mod); $filetype = $filexp[1]; $file = $filexp[0]; $file2 = "m
CVSS Information
N/A
Vulnerability Type
N/A