Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61309
HistoryJan 09, 2014 - 12:00 a.m.

Horizon QCMS "/lib/functions/d-load.php"目录遍历漏洞

2014-01-0900:00:00
Root
www.seebug.org
14

0.008 Low

EPSS

Percentile

79.2%

JSON

CVE ID:CVE-2013-7138

Horizon QCMS是支持PHP与MySQL的开放源码的Horizon快速内容管理系统。

该漏洞的存在是由于传递到"/lib/functions/d-load.php"脚本的"start" HTTP GET参数"fopen()"方法中被使用前没有足够过滤,远程攻击者可以以Web服务器的权限在目标系统上读取任意文件内容。
0
Horizon QCMS<=4.0
厂商补丁:

Horizon

Horizon 4.0版本以修复此漏洞,建议用户下载使用:

http://sourceforge.net/projects/hnqcms/files/patches/


                                                The exploitation example below will display content of &quot;/config.php&quot; file that contains MySQL database login credentials:
http://[host]/lib/functions/d-load.php?start=../../config.php

Related

prion 1
cve 1
cvelist 1
htbridge 1
securityvulns 2
packetstorm 1
openvas 1
exploitpack 1
exploitdb 1
prion
prion
Directory traversal
2014-01-09 18:55:00
cve
cve
CVE-2013-7138
2014-01-09 18:55:00
cvelist
cvelist
CVE-2013-7138
2014-01-09 15:00:00
htbridge
htbridge
Multiple Vulnerabilities in Horizon QCMS
2013-12-18 00:00:00
securityvulns
securityvulns
Multiple Vulnerabilities in Horizon QCMS
2014-01-09 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-01-09 00:00:00
packetstorm
packetstorm
Horizon QCMS 4.0 SQL Injection / Directory Traversal
2014-01-08 00:00:00
openvas
openvas
Horizon QCMS Multiple Vulnerabilities
2014-01-17 00:00:00
exploitpack
exploitpack
Horizon QCMS 4.0 - Multiple Vulnerabilities
2014-01-14 00:00:00
exploitdb
exploitdb
Horizon QCMS 4.0 - Multiple Vulnerabilities
2014-01-14 00:00:00

0.008 Low

EPSS

Percentile

79.2%

JSON
Related for SSV:61309
prion1cve1cvelist1htbridge1securityvulns2packetstorm1openvas1exploitpack1exploitdb1