3 matches found
PHPDisk E-Core phpdisk_del_process.php 代码执行
phpdiskdelprocess未对fileid做过滤,导致文件删除,文件删除日志delfilelog可写入代码,并执行。需要开启registerglobals在php5.3废弃5.4移除,代码执行需要关闭shortopentag,影响范围小。 0 2.5 更新到最新版本...
Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution
No description provided by source. ?php / ---------------------------------------------------------------- Invision Power Board = 3.3.4 "unserialize" PHP Code Execution ---------------------------------------------------------------- author..............: Egidio Romano aka EgiX...
DocMGR 0.54.2 - file_exists Remote Command Execution
DocMGR 0.54.2 - fileexists Remote Command Execution works against PHP5, with shortopentag = On and registerglobals = On usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "The quality of decision is like the well-timed swoop of a falcon which enables it to strike and destroy i...