Web-Provence SL_Site Spaw_control.class.PHP参数远程文件包含漏洞

Web-Provence SLSite是一款基于PHP的WEB应用程序。 Web-Provence SLSite不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Spawcontrol.class.PHP'脚本对用户提交的'spawroot'参数缺少过滤，提交恶意的远程服务器作为包含对象，可导致以WEB进程权限执行任意PHP代码。 Web-Provence SLsite 1.0 目前没有解决方案提供,请关注以下链接： http://www.web-provence.org/...

CVE-2006-4656

PHP remote file inclusion vulnerability in admin/editeur/spawcontrol.class.php in Web Provence SLSite 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spawroot parameter. NOTE: CVE analysis suggests that this issue is actually in a third party product, SPAW...

CVE-2006-4656

CVE-2006-4656 is a PHP remote file inclusion in SPAW Editor’s spaw_control.class.php (Web Provence SL_Site 1.0 and earlier) allowing code execution via a URL in spaw_root; analysis notes the issue originates in a third‑party SPAW Editor PHP Edition. Related records (CVE-2007-3237/3289) describe t...