Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PEAR HTML_QuickForm 安全漏洞
Vulnerability Description
PEAR HTML_QuickForm是一个用于创建、处理HTML表单数据的包。 PEAR HTML_QuickForm 3.2.14版本中的多种方法存在安全漏洞。攻击者可借助特制的查询字符串利用该漏洞泄露信息,可能影响数据的完整性并执行任意代码。以下方法受到影响:getSubmitValue方法(HTML_QuickForm);validate方法(HTML_QuickForm);_setOptions方法(HTML_QuickForm_hierselect);_findValue方法(HTML_Qui
CVSS Information
N/A
Vulnerability Type
N/A