8 matches found
PHPDISK: a second-order injection.
Brief description: No check out. Details: In ajax.php: $filefileid = int$filefileid; $filefilesize = int$filefilesize; $filefileextension = $db-escapetrim$filefileextension; $filefilename = $db-escapetrim$filefilename; $num = @$db-resultfirst"select count from $tpffiles where yunfid='$filefileid' and...
Sql injection
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2012-5910
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2010-0613
Directory traversal vulnerability in viewfile.php in ARWScripts Fonts Script allows remote attackers to read arbitrary local files via directory traversal sequences in a base64-encoded f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third par...
CVE-2010-0613
CVE-2010-0613 describes a directory traversal vulnerability in ARWScripts Fonts Script, via viewfile.php, allowing remote reading of arbitrary local files through a base64-encoded f parameter. Affected component: ARWScripts Fonts Script (viewfile.php). Root cause: improper handling of path traver...
CVE-2005-1752
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename parameter...
CVE-2005-1752
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename parameter...
Gforge - viewFile.php security flaw
Vendor : Gforge http://gforge.org Product : gforge Affected versions : 4.0 Bug fixed : = 4.0 & Debian pkg 3.1-30 Vulnerability : Input validation flaw Problem-Type : remote Severity : High, arbitrary command execution Auth...