Title: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities

Overview:
Dolibarr ERP & CRM is a modern software to manage your company or foundation activity (contacts, suppliers, invoices, orders, stocks, agenda, ...). It's an open-source free software designed for small and medium companies, foundations and freelancers. You can install, use and distribute it as a standalone application or as a web application (on a mutualized or dedicated server, or on SaaS or Cloud solutions) and use it with any device (desktop, smartphone, tablet).

Vendor website: http://www.dolibarr.org

Summary:
A security researcher discovered a file include vulnerability in Dolibarr CMS v3.2.0 Alpha.

Status: Published

Analysis:
Multiple file include vulnerabilities were detected in the Dolibarr Content Management System v3.2.0 Alpha. The vulnerabilities allow a remote attacker or a local low-privileged user account to request local web-server or system files. Successful exploitation results in DBMS and application compromise.

Vulnerable Module(s):
[+] ?modulepart=project&file=
[+] ?action=create&actioncode=AC_RDV&contactid=1&socid=1&backtopage=

Picture(s):
1.png
2.png

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers or local low-privileged user accounts. For demonstration or reproduce ...

http://HdhCmsTest2cto测试数据/document.php?modulepart=project&file=[FILE INCLUDE VULNERABILITY!]
http://HdhCmsTest2cto测试数据/comm/action/fiche.php?action=create&actioncode=AC_RDV&contactid=1&socid=1&backtopage=common/[FILE INCLUDE VULNERABILITY!]

Risk:
=====
The security risk of the file include vulnerabilities is estimated as high(+).
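
Detection example, added here and not part of the original advisory or of Dolibarr's code: the Python below scans web-server access logs for requests to the two parameters listed under Vulnerable Module(s) whose values contain path traversal, null bytes or URL wrappers. The log lines, the rule names and the assumption that legitimate values are plain relative paths are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint suffix -> parameter the advisory lists as accepting a file path.
WATCHED = {"/document.php": "file", "/comm/action/fiche.php": "backtopage"}

# Assumption: legitimate values are plain relative paths, so these never occur.
SUSPICIOUS = [
    ("traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
    ("null-byte", re.compile(r"\x00")),
    ("url-wrapper", re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")),
]

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return sorted reasons why a request target looks like a file-include probe."""
    parts = urlsplit(target)
    param = next((p for ep, p in WATCHED.items() if parts.path.endswith(ep)), None)
    if param is None:
        return []
    reasons = set()
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        # parse_qs decodes once; decode again to catch double-encoded input.
        for candidate in (value, unquote(value)):
            reasons.update(name for name, rx in SUSPICIOUS if rx.search(candidate))
    return sorted(reasons)

def scan(lines):
    """Return [(line_number, reasons)] for every flagged access-log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        reasons = check_request(m.group(1)) if m else []
        if reasons:
            hits.append((n, reasons))
    return hits

# Constructed sample lines in combined log format (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /document.php?modulepart=project&file=PROJ1/spec.pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2012:10:00:05 +0000] "GET /document.php?modulepart=project&file=..%2F..%2Fexample.txt HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2012:10:00:09 +0000] "GET /comm/action/fiche.php?action=create&actioncode=AC_RDV&contactid=1&socid=1&backtopage=common/..%252F..%252Fexample.txt HTTP/1.1" 200 903',
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(f"line {n}: {', '.join(reasons)}")
```

A hit only shows that a request carried a suspicious value; whether a file was actually returned has to be confirmed from the response size and the application's own logs.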