Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to create or modify arbitrary files via a .. (dot dot) in the nugget parameter and a modified pagevalue parameter, as demonstrated by creating and accessing a .php file to execute arbitrary PHP code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nuggetz CMS路径遍历漏洞
Vulnerability Description
Nuggetz CMS是使用PHP实现的内容管理系统。Nuggetz CMS中的admin/ajaxsave.php存在目录游历漏洞。当magic_quotes_gpc没有被启用时,远程攻击着可以借助nugget参数和modified pagevalue参数中的一个"..",导致创建或修改任意文件。
CVSS Information
N/A
Vulnerability Type
N/A