La Cala: command execution vulnerability, including cross-site, on another sub-site

ID MYHACK58:62201339479
Type myhack58
Reporter Anonymous
Modified 2013-07-02T00:00:00


Brief description:

Testing of a La Cala sub-site found that the site uses the ThinkPHP open source framework and that some risk remains.

The issue does not affect customer data, the hazard rating.

Detailed description:

1. The Nginx server is not configured properly, which creates a risk of arbitrary PHP script command execution.

A plain-text file is executed as PHP.


The backend uses ThinkPHP.




Repair solutions:

Update the Nginx configuration to fix the command execution vulnerability.
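
The configuration change could look like the following. This is an added example, not the site's actual configuration, which the report does not show. It assumes the common misconfiguration in which Nginx passes any URI ending in `.php` to PHP-FPM without checking that the script exists. The server name, document root and FastCGI address are placeholders.

```nginx
server {
    listen 80;
    server_name sub.example.test;      # placeholder host name
    root /var/www/app;                 # placeholder document root
    index index.php;

    # Weak pattern, shown commented out for comparison (assumed, not taken
    # from the report). The URI is forwarded to PHP-FPM with no check that
    # the named script exists, so PHP's path fix-up (cgi.fix_pathinfo=1)
    # can fall back to a parent path that is a non-PHP file and run it.
    #
    # location ~ \.php$ {
    #     include fastcgi_params;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_pass 127.0.0.1:9000;
    # }

    # Corrected pattern. ThinkPHP commonly routes through PATH_INFO
    # (index.php/Module/Action), so PATH_INFO is kept, but it is split
    # off by Nginx and the script part must be a real file on disk.
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;

        # Reject the request unless the script part is an existing file.
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO       $fastcgi_path_info;
        fastcgi_pass 127.0.0.1:9000;   # placeholder PHP-FPM address
    }

    # Defence in depth on the PHP side (set outside Nginx):
    #   php.ini:      cgi.fix_pathinfo = 0
    #   php-fpm pool: security.limit_extensions = .php
}
```

After reloading Nginx, a request for a plain-text file with a `.php` path segment appended should return 404 instead of being executed.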