Vulnerability Information
Vulnerability Title
Phar Deserialization leading to Arbitrary File Deletion in my little forum
Vulnerability Description
my little forum is a PHP and MySQL based internet forum that displays messages in a classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar polyglot file (disguised as a JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit a Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1.
CVSS Information
N/A
Vulnerability Type
Unrestricted Upload of File with Dangerous Type
Vulnerability Title
my little forum code issue vulnerability
Vulnerability Description
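my little forum is an open-source online forum system from My Little Forum, based on PHP and MySQL. Versions of my little forum prior to 20260208.1 contain a code issue vulnerability. It stems from URL validation not filtering the phar protocol and may lead to arbitrary file deletion.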
CVSS Information
N/A
Vulnerability Type
N/A
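Added example (not my little forum's code and not the project's actual fix): one way to close the URL-validation gap described above is to allow-list schemes for [img] URLs instead of deny-listing individual wrappers. The function name is_safe_img_url and all sample URLs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns true only for absolute http(s) URLs that are
// acceptable as the target of a BBCode [img] tag.
function is_safe_img_url(string $url): bool
{
    $url = trim($url);

    // Reject empty input, whitespace and control characters, which can be
    // used to hide a second scheme behind a harmless-looking prefix.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url) === 1) {
        return false;
    }

    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative paths and malformed URLs are not accepted
    }

    // Allow-list, compared case-insensitively. phar://, php://, file://,
    // zip://, data: and any stream wrapper registered later all fail here
    // without having to be enumerated.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

// Constructed sample inputs.
$samples = [
    'https://example.org/cat.jpg',          // accept
    'phar://uploads/a.jpg/x.jpg',           // reject: phar wrapper
    'PHAR://uploads/a.jpg',                 // reject: case variant
    'php://filter/resource=uploads/a.jpg',  // reject: another stream wrapper
    '/uploads/a.jpg',                       // reject: no scheme or host
    "https://example.org/a.jpg\nphar://b",  // reject: embedded newline
];

foreach ($samples as $s) {
    printf("%-45s %s\n", json_encode($s), is_safe_img_url($s) ? 'accept' : 'reject');
}
```

A URL that passes this check should still only be written into the rendered HTML. Passing user-supplied paths to filesystem functions is what lets a phar:// path reach the Phar metadata parser, which unserialized metadata automatically before PHP 8.0.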