SolidState 0.4 - Multiple Remote File Inclusion

admin
admin
admin
0
文章
0
评论
2023-12-14 03:24:42 Ali_nvd 来源:ZONE.CI 全球网 0 阅读模式
SolidState 0.4 - Multiple Remote File Inclusion

CVE编号

CVE-2006-5020

利用情况

暂无

补丁情况

N/A

披露时间

2006-09-28
漏洞描述
Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接
http://attrition.org/pipermail/vim/2007-January/001210.html
http://www.osvdb.org/31097
http://www.osvdb.org/31098
http://www.osvdb.org/31099
http://www.osvdb.org/31100
http://www.osvdb.org/31104
http://www.osvdb.org/31105
http://www.osvdb.org/31106
http://www.osvdb.org/31107
http://www.osvdb.org/31108
http://www.osvdb.org/31109
http://www.osvdb.org/31110
http://www.osvdb.org/31111
http://www.osvdb.org/31112
http://www.osvdb.org/31113
http://www.osvdb.org/31114
http://www.osvdb.org/31115
http://www.osvdb.org/31116
http://www.osvdb.org/31117
http://www.osvdb.org/31118
http://www.osvdb.org/31119
http://www.osvdb.org/31120
http://www.osvdb.org/31121
http://www.osvdb.org/31122
http://www.osvdb.org/31123
http://www.osvdb.org/31124
http://www.osvdb.org/31125
http://www.osvdb.org/31126
http://www.osvdb.org/31127
http://www.osvdb.org/31128
http://www.osvdb.org/31129
http://www.osvdb.org/31130
http://www.osvdb.org/31131
http://www.osvdb.org/31132
http://www.osvdb.org/31133
http://www.osvdb.org/31134
http://www.osvdb.org/31135
http://www.osvdb.org/31136
http://www.osvdb.org/31137
http://www.osvdb.org/31138
http://www.osvdb.org/31139
http://www.osvdb.org/31141
http://www.osvdb.org/31142
http://www.osvdb.org/31143
http://www.osvdb.org/31144
http://www.osvdb.org/31145
http://www.osvdb.org/31146
http://www.osvdb.org/31147
http://www.osvdb.org/31190
http://www.osvdb.org/31191
http://www.osvdb.org/31192
http://www.osvdb.org/31193
http://www.osvdb.org/31194
http://www.osvdb.org/31197
http://www.osvdb.org/31198
http://www.osvdb.org/31199
http://www.osvdb.org/31200
http://www.osvdb.org/31201
http://www.osvdb.org/31202
http://www.osvdb.org/31203
http://www.securityfocus.com/bid/21934
http://www.solid-state.org/index.php?name=PNphpBB2&file=portal&article=1
https://exchange.xforce.ibmcloud.com/vulnerabilities/29095
https://www.exploit-db.com/exploits/2413
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 solidstate solidstate * Up to (including) 0.4
CVSS3评分 7.5
  • 攻击路径 网络
  • 攻击复杂度 低
  • 权限要求 无
  • 影响范围 N/A
  • 用户交互 无
  • 可用性 部分地
  • 保密性 部分地
  • 完整性 部分地
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-ID 漏洞类型
NVD-CWE-Other
- avd.aliyun.com
weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
N/A Ali_nvd

N/A

N/ACVE编号 CVE-2024-9120利用情况 暂无补丁情况 N/A披露时间 2024-09-23漏洞描述Use after free in Dawn
09-260 评论
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0