Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpFox 安全漏洞
Vulnerability Description
phpFox是phpFox公司的一个社交网络平台。 phpFox 4.8.13及之前版本存在安全漏洞,该漏洞源于通过url请求参数传递到 /core/redirect 路由的用户输入在调用 unserialize() PHP 函数之前未经过正确的清理,远程攻击者利用此漏洞可以将任意 PHP 对象注入应用程序范围,从而允许他们执行各种攻击,例如执行任意 PHP 代码。
CVSS Information
N/A
Vulnerability Type
N/A