http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-313
Jupiter CMS 敏感信息泄露漏洞
| 漏洞ID | 1193470 | 漏洞类型 | 输入验证 |
| 发布时间 | 2006-09-19 | 更新时间 | 2006-09-28 |
 CVE编号
|
CVE-2006-4873 |  CNNVD-ID
|
CNNVD-200609-313 |
| 漏洞平台 | N/A | CVSS评分 | 5.0 |
|漏洞来源
|漏洞详情
JupiterCMS远程攻击者通过直接请求(1)includes/functions.php,(2)modules/register.php,(3)modules/poll.php,(4)modules/panel.php,(5)modules/pm.php,(6)modules/news.php,(7)modules/templates_change.php,(8)modules/users.php,(9)modules/misc.php,(10)modules/masspm.php,(11)modules/mass-email.php,(12)modules/main-nav.php,(13)modules/login.php,(14)modules/layout.php,(15)modules/hq.php,(16)modules/forum.php,(17)modules/forum-admin.php,(18)modules/events.php,(19)modules/emoticons.php,(20)modules/download.php,(21)modules/blocks.php,(22)modules/ban.php,(23)modules/badwords.php,(24)modules/ads.php或(25)modules/admin.php,在各种错误消息中揭示安装路径,从而获取敏感信息。
|参考资料
来源:BID
名称:20048
链接:http://www.securityfocus.com/bid/20048
来源:BUGTRAQ
名称:20060915JupiterCMSMultipleinjections
链接:http://www.securityfocus.com/archive/1/archive/1/446064/100/0/threaded
来源:SREASON
名称:1608
链接:http://securityreason.com/securityalert/1608
检索漏洞
开始时间
结束时间