漏洞信息详情
Jetbox CMS 'Search_function.PHP'远程文件包含漏洞
- CNNVD编号:CNNVD-200608-459
- 危害等级: 高危
- CVE编号: CVE-2006-4422
- 漏洞类型: 输入验证
- 发布时间: 2006-08-28
- 威胁类型: 远程
- 更新时间: 2006-09-07
- 厂 商: jetbox
- 漏洞来源: [email protected] i...
漏洞简介
** 有争议 ** Jetbox CMS 2.1中的includes/phpdig/libs/search_function.php存在PHP远程文件包含漏洞,远程攻击者可以借助relative_script_path参数中的URL执行任意PHP代码,此向量不同于CVE-2006-2270。注:此问题存在争议,截至2006年8月30日,CVE分析结果仍存在争议。而且,此漏洞实际上很可能存在于第三方模块,phpDig 1.8.8。
漏洞公告
参考网址
来源: XF 名称: jetboxCMS-search-file-include(28588) 链接:http://xforce.iss.net/xforce/xfdb/28588 来源: BID 名称: 19722 链接:http://www.securityfocus.com/bid/19722 来源: BUGTRAQ 名称: 20060831 AW: AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444826/100/0/threaded 来源: BUGTRAQ 名称: 20060830 Re: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444822/100/0/threaded 来源: BUGTRAQ 名称: 20060829 Re: AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444740/100/0/threaded 来源: BUGTRAQ 名称: 20060828 JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded 来源: BUGTRAQ 名称: 20060825 Jetbox CMS search_function.php Remote File 链接:http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded 来源: BUGTRAQ 名称: 20060829 AW: JetBox CMS (search_function.php) Remote File Include 链接:http://www.securityfocus.com/archive/1/444640/100/0/threaded 来源: OSVDB 名称: 28299 链接:http://www.osvdb.org/28299 来源: VIM 名称: 20060829 Jetbox CMS file include - CVE dispute 链接:http://www.attrition.org/pipermail/vim/2006-August/001003.HTML 来源: VIM 名称: 20060829 Jetbox CMS file include - CVE dispute 链接:http://www.attrition.org/pipermail/vim/2006-August/000997.HTML 来源: SECTRACK 名称: 1016765 链接:http://securitytracker.com/id?1016765
受影响实体
- Jetbox Jetbox_CMS:2.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论