Key vulnerability information

EDB-ID: 2724
CVE: 2006-5796
Author: THE_DAY
Type: WEBAPPS
Platform: PHP
Date: 2006-11-06
Vulnerable App: Soholaunch Pro
Vulnerable Version: <= 4.9 r36

Vulnerability description

Critical Level: Highly critical
Impact: System access
Location: Indonesia, Jakarta

Vulnerability details

Vulnerable Script: shared_functions.php
Vulnerability: Input passed to the parameter in shared_functions.php is not properly validated before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources.
Affected Files:
- /client_files/shopping_cart/pgm-shopping_css.inc.php
- /program/includes/shared_functions.php

Proof of Concept

Solution

Sanitize variable in affected files. Turn off register_globals.
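One way to apply the "sanitize variable" fix to an include path, as an added PHP example that is not code from Soholaunch or from the original advisory. The helper name `resolve_include`, the demo directory, the file names and the allowlist are all hypothetical.

```php
<?php
// Added example: hypothetical helper, not Soholaunch code.
// Hardened include: fixed base directory, allowlisted names, no stream wrappers.
// php.ini should also carry register_globals = Off where that setting exists.
function resolve_include(string $baseDir, string $requested, array $allowed): string
{
    // Refuse stream wrappers (http://, ftp://, php://, data: ...) and NUL bytes.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested) || strpos($requested, "\0") !== false) {
        throw new InvalidArgumentException('remote wrapper or NUL byte');
    }
    // Only explicitly allowlisted relative names may be included.
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException('not on allowlist');
    }
    $base = realpath($baseDir);
    $full = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $requested);
    // realpath() collapses ../ and symlinks; the result must stay under $base.
    if ($full === false || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new InvalidArgumentException('outside base directory');
    }
    return $full;
}

// Constructed demo tree in the temp directory (sample data, not from the page).
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'inc_demo_' . getmypid();
@mkdir($base . DIRECTORY_SEPARATOR . 'includes', 0700, true);
file_put_contents($base . '/includes/shared.php', "<?php return 'shared loaded';\n");
$allowed = ['includes/shared.php'];

// Constructed inputs: one legitimate name and three that must be refused.
$inputs = ['includes/shared.php', 'http://example.invalid/x.txt',
           '../../etc/passwd', 'includes/../../shared.php'];
foreach ($inputs as $in) {
    try {
        $path = resolve_include($base, $in, $allowed);
        $result = include $path;
        echo "OK      $in -> $result\n";
    } catch (InvalidArgumentException $e) {
        echo "REFUSED $in (" . $e->getMessage() . ")\n";
    }
}
```

The base directory is passed in from code, never from request data, so a request cannot redirect the include even if a path variable elsewhere is left uninitialised.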