Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable parameter to administration/user_fields.php or (3) file parameter to administration/db_backup.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-Fusion 目录遍历漏洞
Vulnerability Description
PHP-Fusion是PHP-Fusion公司的一套基于MySql和PHP的开源轻量级内容管理系统。该系统包含新闻、文章和论坛等模块。 PHP-Fusion 7.02.05及之前版本中存在三个目录遍历漏洞。远程攻击者可利用该漏洞通过maincore.php脚本中的‘user_theme’参数中的目录遍历字符(‘..’)包含并执行任意文件;通过administration/user_fields.php脚本中的‘enable’参数或administration/db_backup.php脚本中的‘file’
CVSS Information
N/A
Vulnerability Type
N/A