Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
Vulnerability Description
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
CVSS Information
N/A
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
Hybridauth 安全漏洞
Vulnerability Description
Hybridauth是Hybridauth开源的一个基于Web 的认证和授权软件。 Hybridauth 2.0.9至2.2.2版本存在安全漏洞,该漏洞源于install.php脚本未正确清理输入,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A