Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to inject arbitrary PHP code into include/config.ini.php via the pool1 parameter. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Citrix XenCenterWeb 'config/writeconfig.php'静态代码注入漏洞
Vulnerability Description
Citrix XenCenterWeb是用于管理Citrix XenServer环境的web界面。 XenCenterWeb的多个模块没有正确的验证用户所提供的输入,远程攻击者可以通过向服务器提交恶意请求执行静态代码攻击。 远程攻击者可以通过/var/www/config/writeconfig.php文件向/usr/local/lib/php/include/config.ini.php文件写入任意数据,因此可以在机器上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A