3 matches found
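Xoops XoopsGallery Module 'init_basic.php' Remote File Inclusion Vulnerability
BUGTRAQ ID: 27155 CNCAN ID: CNCAN-2008010814 Xoops XoopsGallery Module is a PHP-based web application. Xoops XoopsGallery Module does not properly filter user-supplied URI data, and a remote attacker can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The problem is that the 'init_basic.php' script does not filter the user-supplied 'GALLERY_BASEDIR' parameter; supplying an arbitrary file on a remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web server. Xoops XoopsGallery Module 1.3.3 9 ------------...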
CVE-2008-0138
Summary: CVE-2008-0138 concerns the XoopsGallery mod_gallery module for XOOPS, specifically the init_basic.php script. When register_globals is disabled, the GALLERY_BASEDIR parameter can be controlled by a remote attacker to cause a remote file inclusion, allowing execution of arbitrary PHP cod...
XoopsGallery init_basic.php GALLERY_BASEDIR Parameter Remote File Inclusion
The remote host is running XoopsGallery, a third-party module for Xoops. The version of XoopsGallery installed on the remote host fails to sanitize user-supplied input to the 'GALLERY_BASEDIR' parameter of the 'modules/xoopsgallery/init_basic.php' script before using it to include PHP code. Provide...