Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
GeSHi 'geshi.php' 远程代码执行漏洞
Vulnerability Description
GeSHi是用php编写的通用语法荧光笔,是一个编程辅助工具,支持PHP、HTML、C等语言。 ** 有争议的 ** Generic Syntax Highlighter (GeSHi) 1.0.8.1之前的版本的geshi.php中的set_language_path函数,可能允许远程攻击者借助特制的输入来引起文件包含攻击。 该输入会影响默认语言路径($path 变量)。 注意: 该漏洞一直存在争议。厂商宣称只有一个静态值被使用,所以并不是GeSHi中的一个漏洞。
CVSS Information
N/A
Vulnerability Type
N/A