Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated users to configure arbitrary local files for execution via directory traversal sequences in the value of the theme_dir field during a jsoption action, related to Sources/QueryString.php and Sources/Themes.php, as demonstrated by a local .gif file in attachments/ with PHP code that was uploaded through a profile2 action to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Simple Machines Forum 'index.php'目录遍历漏洞
Vulnerability Description
Simple Machines Forum (SMF) 1.0.15之前的1.0版本和1.1.7之前的1.1版本中的index.php存在目录遍历漏洞。在jsoption过程中,远程认证用户可以借助theme_dir字段的值中的目录遍历序列,配置任意的本地文件。该漏洞与Sources/QueryString.php和Sources/Themes.php有关。
CVSS Information
N/A
Vulnerability Type
N/A