Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simple Machines Forum (SMF) 'index.php'目录遍历漏洞
Vulnerability Description
Simple Machines Forum (SMF) 1.0.15之前的1.0版本和1.1.7之前的1.1版本中的index.php存在目录遍历漏洞。在安装2过程中,远程认证管理员可以借助信息包参数中的..,安装来自任意目录的信息包。
CVSS Information
N/A
Vulnerability Type
N/A