Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PhpWebGallery 'event_list.php' 脚本注入和代码执行漏洞
Vulnerability Description
PhpWebGallery中的plugins/event_tracer/event_list.php允许远程认证管理员借助sort参数中的一个PHP序列,来执行任意的PHP代码。该类别参数会被create_function处理。
CVSS Information
N/A
Vulnerability Type
N/A