Jetbox CMS 'Search_function.PHP'远程文件包含漏洞

admin

0
文章

0
评论

2022-07-22 22:17:18 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Jetbox CMS 'Search_function.PHP'远程文件包含漏洞

CNNVD编号：CNNVD-200608-459
危害等级：高危
CVE编号： CVE-2006-4422
漏洞类型：输入验证
发布时间： 2006-08-28
威胁类型：远程
更新时间： 2006-09-07
厂商： jetbox
漏洞来源： [email protected] i...

漏洞简介

** 有争议 ** Jetbox CMS 2.1中的includes/phpdig/libs/search_function.php存在PHP远程文件包含漏洞，远程攻击者可以借助relative_script_path参数中的URL执行任意PHP代码，此向量不同于CVE-2006-2270。注：此问题存在争议，截至2006年8月30日，CVE分析结果仍存在争议。而且，此漏洞实际上很可能存在于第三方模块，phpDig 1.8.8。

漏洞公告

参考网址

来源: XF 名称: jetboxCMS-search-file-include(28588) 链接:http://xforce.iss.net/xforce/xfdb/28588 来源: BID 名称: 19722 链接:http://www.securityfocus.com/bid/19722 来源: BUGTRAQ 名称: 20060831 AW: AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444826/100/0/threaded 来源: BUGTRAQ 名称: 20060830 Re: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444822/100/0/threaded 来源: BUGTRAQ 名称: 20060829 Re: AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444740/100/0/threaded 来源: BUGTRAQ 名称: 20060828 JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded 来源: BUGTRAQ 名称: 20060825 Jetbox CMS search_function.php Remote File 链接:http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded 来源: BUGTRAQ 名称: 20060829 AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/444640/100/0/threaded 来源: OSVDB 名称: 28299 链接:http://www.osvdb.org/28299 来源: VIM 名称: 20060829 Jetbox CMS file include - CVE dispute 链接:http://www.attrition.org/pipermail/vim/2006-August/001003.HTML 来源: VIM 名称: 20060829 Jetbox CMS file include - CVE dispute 链接:http://www.attrition.org/pipermail/vim/2006-August/000997.HTML 来源: SECTRACK 名称: 1016765 链接:http://securitytracker.com/id?1016765