Vulnerability Details
Comdev CSV Importer 'include.php' PHP Remote File Inclusion Vulnerability
- CNNVD ID: CNNVD-200610-037
- Severity: High
- CVE ID: CVE-2006-5101
- Vulnerability type: Code injection
- Published: 2006-10-03
- Threat type: Remote
- Updated: 2006-10-16
- Vendor: comdev
- Vulnerability source:
Vulnerability Summary
A PHP remote file inclusion vulnerability exists in include.php in Comdev CSV Importer 3.1 and possibly 4.1 (as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1). A remote attacker can execute arbitrary PHP code via a URL in the path[docroot] parameter.
Vulnerability Advisory
References
Source: BUGTRAQ
Name: 20060927 Comdev Events Calendar 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447213/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Newsletter 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447209/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Guestbook 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447207/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev FAQ Support 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447201/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev eCommerce 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447194/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Web Blogger 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447193/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Contact Form 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447192/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev News Publisher 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447190/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Customer Helpdesk 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447188/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Photo Gallery 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447187/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Vote Caster 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447186/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev Links Directory 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447185/100/0/threaded
Source: BUGTRAQ
Name: 20060927 Comdev CSV Importer 3.1 :) <= remote="" file="">
Link: http://www.securityfocus.com/archive/1/archive/1/447184/100/0/threaded
Source: OSVDB
Name: 29311
Link: http://www.osvdb.org/29311
Source: OSVDB
Name: 29310
Link: http://www.osvdb.org/29310
Source: OSVDB
Name: 29309
Link: http://www.osvdb.org/29309
Source: OSVDB
Name: 29308
Link: http://www.osvdb.org/29308
Source: OSVDB
Name: 29307
Link: http://www.osvdb.org/29307
Source: OSVDB
Name: 29306
Link: http://www.osvdb.org/29306
Source: OSVDB
Name: 29305
Link: http://www.osvdb.org/29305
Source: OSVDB
Name: 29304
Link: http://www.osvdb.org/29304
Source: OSVDB
Name: 29303
Link: http://www.osvdb.org/29303
Source: OSVDB
Name: 29302
Link: http://www.osvdb.org/29302
Source: OSVDB
Name: 29301
Link: http://www.osvdb.org/29301
Source: OSVDB
Name: 29300
Link: http://www.osvdb.org/29300
Source: OSVDB
Name: 29299
Link: http://www.osvdb.org/29299
Source: VUPEN
Name: ADV-2006-3815
Link: http://www.frsirt.com/english/advisories/2006/3815
Source: VUPEN
Name: ADV-2006-3814
Link: http://www.frsirt.com/english/advisories/2006/3814
Source: VUPEN
Name: ADV-2006-3813
Link: http://www.frsirt.com/english/advisories/2006/3813
Source: VUPEN
Name: ADV-2006-3812
Link: http://www.frsirt.com/english/advisories/2006/3812
Source: VUPEN
Name: ADV-2006-3811
Link: http://www.frsirt.com/english/advisories/2006/3811
Source: VUPEN
Name: ADV-2006-3810
Link: http://www.frsirt.com/english/advisories/2006/3810
Source: VUPEN
Name: ADV-2006-3809
Link: http://www.frsirt.com/english/advisories/2006/3809
Source: VUPEN
Name: ADV-2006-3808
Link: http://www.frsirt.com/english/advisories/2006/3808
Source: VUPEN
Name: ADV-2006-3807
Link: http://www.frsirt.com/english/advisories/2006/3807
Source: VUPEN
Name: ADV-2006-3806
Link: http://www.frsirt.com/english/advisories/2006/3806
Source: VUPEN
Name: ADV-2006-3805
Link: http://www.frsirt.com/english/advisories/2006/3805
Source: VUPEN
Name: ADV-2006-3804
Link: http://www.frsirt.com/english/advisories/2006/3804
Source: VUPEN
Name: ADV-2006-3803
Link: http://www.frsirt.com/english/advisories/2006/3803
Source: SECUNIA
Name: 22169
Link: http://secunia.com/advisories/22169
Source: SECUNIA
Name: 22168
Link: http://secunia.com/advisories/22168
Source: S
Affected Entities
- Comdev Comdev_csv_importer:3.1
- Comdev Comdev_csv_importer:4.1
Patch
None available