Ruby on Rails: File writing by Directory traversal at actionpack-page_caching and RCE by it

I found a directory traversal in actionpack-pagecaching. Some code may lead to RCE. https://github.com/rails/actionpack-pagecaching/blob/master/lib/actioncontroller/caching/pages.rbL143 ruby def cachefilepath, extension if path.empty? || path = %r\A/+\z name = "/index" else name =...

PHPCMS V9 (plugin.php)本地文件包含漏洞

由于文件/plugin.php对于用户提交的变量未过滤，导致本地文件包含漏洞的产生。 相关代码如下： 文件plugin.php ifisset$GET'id' list$identification, $filename,$action = explode'-', $GET'id'; $filename = !empty$filename ? $filename : $identification; $action = !empty$action ? $action : 'init'; $cache = getcache$identification,'plugins';...

CVE-2007-4458

PHP remote file inclusion vulnerability in includes/class/classtpl.php in Firesoft allows remote attackers to execute arbitrary PHP code via a URL in the cachefile parameter...