Описание
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
Ссылки
- ExploitVendor Advisory
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpclanwebsite:phpclanwebsite:1.23.1:*:*:*:*:*:*:*
EPSS
Процентиль: 53%
0.00297
Низкий
4 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.
EPSS
Процентиль: 53%
0.00297
Низкий
4 Medium
CVSS2
Дефекты
NVD-CWE-Other