Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
imFAQ allows local file inclusion in seo.php
Vulnerability Description
imFAQ is an advanced questions and answers management system for ImpressCMS. Prior to 1.0.1, if the $_GET['seoOp'] parameter is manipulated to include malicious input (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php), the application could allow an attacker to read sensitive files on the server (Local File Inclusion, LFI). The $_GET['seoOp'] and $_GET['seoArg'] parameters are directly used without sanitization or validation. This is partly mitigated by the fact that the ImpressCMS sensitive files are stored outside the web root, in a folder with a randomized name. The issue has been resolved in imFaq 1.0.1.
CVSS Information
N/A
Vulnerability Type
文件名或路径的外部可控制
Vulnerability Title
imFAQ 安全漏洞
Vulnerability Description
imFAQ是Impress Modules开源的一个 ImpressCMS 网站的高级问答管理系统。 imFAQ 1.0.1之前版本存在安全漏洞,该漏洞源于seoOp参数未经过清理或验证,可能导致本地文件包含,攻击者可以读取服务器上的敏感文件。
CVSS Information
N/A
Vulnerability Type
N/A