Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WeBid 1.0.2 converter.php Remote PHP Code Injection
Vulnerability Description
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remote code execution when the modified script is accessed or included by the application.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Sourceforge WeBid 安全漏洞
Vulnerability Description
Sourceforge WeBid是Sourceforge开源的一个用于在线拍卖和销售产品的开源网站项目。 Sourceforge WeBid 1.0.2版本存在安全漏洞,该漏洞源于converter.php脚本未清理POST请求中to参数,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A