Lanifex Database of Managed Objects Access_manager.PHP远程文件包含漏洞

Lanifex Database of Managed Objects是一款基于PHP的WEB应用程序。 Lanifex Database of Managed Objects不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Accessmanager.PHP'脚本对用户提交的WEB参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Lanifex Lanifex 2.3 Beta Lanifex Lanifex 2.2 无 !/usr/bin/perl use LWP::UserAgent; / +...

CVE-2006-4604

PHP remote file inclusion vulnerability in LFXlib/accessmanager.php in Lanifex Database of Managed Objects DMO 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the incMgr parameter...

CVE-2006-4604

CVE-2006-4604 affects Lanifex Database of Managed Objects (DMO) prior to 2.3 Beta, where a PHP remote file inclusion vulnerability in LFXlib/access_manager.php allows an attacker to execute arbitrary PHP code via the _incMgr parameter. This is triggered remotely (network) with low attack complexi...

Lanifex DMO <= 2.3b (_incMgr) Remote File Include Exploit

Exploit for unknown platform in category web applications ========================================================= Lanifex DMO s...