3 matches found
Kayako eSupport autoclose.php远程文件包含漏洞
Kayako eSupport是基于Web的后台技术支持应用程序。 Kayako eSupport对用户请求的处理上存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 Kayako eSupport的esupport/admin/autoclose.php脚本没有正确的过滤subd变量参数的输入,允许攻击者通过包含本地或外部资源导致执行任意代码。 相关的漏洞代码如下: requireonce $subd . "functions.php"; Kayako eSupport = 2.3.1 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability:
Script: Kayako eSupport = 2.3.1 Vendor: Kayako www.kayako.com Discovered: beford xbefordx gmail com Comments: It seems like the vendor silently fixed the issue in the current version more like since v2.3.5 withouth warning users of previous versions, noobs. Requires that "registerglobals" is...
Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability
No description provided by source. Script: Kayako eSupport = 2.3.1 Vendor: Kayako www.kayako.com Discovered: beford xbefordx gmail com Comments: It seems like the vendor silently fixed the issue in the current version more like since v2.3.5 withouth warning users of previous versions, noobs...