Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zikula Application Framework 代码注入漏洞
Vulnerability Description
Zikula Application Framework是Zikula基金会的一套用于构建和维护Web站点的PHP应用程序框架,它可通过第三方附加模块扩展成社区、门户、电子商务等。 Zikula Application Framework 1.3.7 build 11之前版本中存在代码注入漏洞。远程攻击者可通过向index.php文件发送带有特制序列化数据的‘authentication_method_ser’或‘zikulaMobileTheme’参数,或向index.php文件发送带有特制序列化数据的
CVSS Information
N/A
Vulnerability Type
N/A