Fastpublish CMS Designconfig.PHP远程文件包含漏洞

Fastpublish CMS是一款基于PHP的WEB应用程序。 Fastpublish CMS不正确过滤用户提交的URI输入数据，远程攻击者可以利用漏洞以WEB权限执行任意PHP代码。 问题是由于'Designconfig.PHP'脚本对用户提交的'configfsBase'参数处理缺少充分过滤，提交远程服务器上的任意文件作为包含对象，可导致以WEB权限执行任意PHP代码。 Fashpublish CMS 1.9999 目前没有解决方案提供： http://www.fastpublish.org/...

CVE-2007-6325

CVE-2007-6325 affects Fastpublish CMS 1.9999; vulnerability in adminbereich/designconfig.php allows remote PHP code execution via a URL in config[fsBase]. This is a different vector from CVE-2006-2726. No remediation details are provided in the documents.

Fastpublish CMS 1.9999 config[fsBase] RFI Vulnerability

No description provided by source. Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...

Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion

Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ===========================================================================...

Fastpublish CMS 1.9999 - config[fsBase] Remote File Inclusion

Fastpublish CMS 1.9999 - configfsBase Remote File Inclusion Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet :...

fastpub-rfi.txt

Name : Fastpublish CMS 1.9999 configfsBase Remote File Include Download From : http://www.fastpublish.org/aufbau/phpcontent/downloadlist.php?action=download&id=53&sprache=en Found By : RoMaNcYxHaCkEr Home Page : Not Yet : ===========================================================================...