Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in Online Grades & Attendance 3.2.5 and earlier, and possibly 3.2.6, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) GLOBALS[SKIN] parameter to index.php and the (2) skin parameter to admin/admin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Online Grades & Attendance多个目录遍历漏洞
Vulnerability Description
Online Grades & Attendance 3.2.5版本及其早期版本以及可能的3.2.6版本中存在多个目录遍历漏洞,当register_globals被激活时,远程攻击者可以借助(1)对index.php的GLOBALS[SKIN]参数和(2)对admin/admin.php的skin参数中的一个..,包含和允许任意本地文件。
CVSS Information
N/A
Vulnerability Type
N/A