4 matches found
NotFTP config.php本地文件包含漏洞
BUGTRAQ ID: 34636 CVECAN ID: CVE-2009-1407 NotFTP是用PHP编写的基于Web的HTTP-FTP网关。 NotFTP的config.php脚本没有正确地过滤用户所提交的参数,如果远程攻击者在提交的URL请求中使用newlang参数指定了本地系统的恶意文件的话,就可能在Web服务器上读取敏感信息或执行任意代码。以下是config.php脚本中的有漏洞代码段: if isset$newlang requireonce"lib/lang/".$languages$newlang"file"; elseif...
CVE-2009-1407
Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows remote attackers to read arbitrary files via a .. dot dot in a certain languagesfile parameter...
CVE-2009-1407
NotFTP 1.3.1 is affected by a directory traversal/Local File Inclusion in config.php. The script fails to properly filter user input in languages[][file] (and related language loading logic), allowing remote attackers to read arbitrary local files via crafted URLs (e.g., .. paths). The vulnerabil...
CVE-2009-1407
creationtimestamp| type| source ---|---|--- 2009-04-21 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8504...