Ekke Ekke Doerre Mods Code Injection Vulnerability

Vulnerability ID: 1189014
Vulnerability type: Code injection
Published: 2007-09-26
Updated: 2007-09-26
CVE ID: CVE-2007-5115
CNNVD-ID: CNNVD-200709-390
Platform: N/A
CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/85357
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-390
|Vulnerability details
Multiple PHP remote file inclusion vulnerabilities exist in Ekke Doerre Contenido 42VariablVersion (42VV10) in contenido_hacks of Mods 4 Xoops Contenido eZ publish (pdf4cms). A remote attacker can execute arbitrary PHP code via a URL in the following parameters: the cfgPathInc parameter of (1) main_upl.php, (2) main_con_editside.php, (3) main_news_rcp.php, (4) main_mod.php, (5) main_tplinput_edit.php, (6) main_con.php, (7) main_tpl.php, (8) main_con_sidelist.php, (9) main_str.php, (10) main_news.php, (11) main_tplinput.php, (12) main_lang.php, (13) main_mod_edit.php, (14) main_lay.php, (15) main_lay_edit.php, (16) main_news_send.php, (17) main_con_edittpl.php, (18) main_stat.php, (19) main_tpl_edit.php, (20) main_news_edit.php, or (21) inc/upl_show_uploads.inc.php; the (a) cfgPathContenido or (b) cfgPathTpl parameter of (22) con_show_sidelist.inc.php, (23) mod_show_modules.inc.php, (24) con_edit_form.inc.php, (25) lay_show_layouts.inc.php, (26) con_show_tree.inc.php, (27) news_show_newsletters.inc.php, (28) str_show_tree.inc.php, (29) tpl_show_templates.inc.php, (30) stat_show_tree.inc.php, (31) con_editcontent.inc.php, or (32) news_show_recipients.inc.php in inc/; or (33) main_user_md5.php3, or (34) actions
|Affected products
Ekke Doerre Mods 4 Xoops Contenido Ez Publish 0
|References

Source: XF
Name: mods4xoopscontenidoezpublish-file-include(46229)
Link: http://xforce.iss.net/xforce/xfdb/46229
Source: MISC
Link: http://arfis.wordpress.com/2007/09/14/rfi-02-mods-4-xoops-contenido-ez-publish/