Jetbox CMS ‘Search_function.PHP’远程文件包含漏洞

漏洞信息详情

Jetbox CMS ‘Search_function.PHP’远程文件包含漏洞

• CNNVD编号：CNNVD-200608-459
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2006-4422
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2006-08-28
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-07
  
• 厂        商：
  
  jetbox
• 漏洞来源：
  D3nGeR@Gmail.CoM i…

** 有争议 ** Jetbox CMS 2.1中的includes/phpdig/libs/search_function.php存在PHP远程文件包含漏洞，远程攻击者可以借助relative_script_path参数中的URL执行任意PHP代码，此向量不同于CVE-2006-2270。注：此问题存在争议，截至2006年8月30日，CVE分析结果仍存在争议。而且，此漏洞实际上很可能存在于第三方模块，phpDig 1.8.8。

来源: XF
名称: jetboxcms-search-file-include(28588)
链接:http://xforce.iss.net/xforce/xfdb/28588

来源: BID
名称: 19722
链接:http://www.securityfocus.com/bid/19722

来源: BUGTRAQ
名称: 20060831 AW: AW: JetBox cms (search_function.php) Remote File Include
链接:http://www.securityfocus.com/archive/1/archive/1/444826/100/0/threaded

来源: BUGTRAQ
名称: 20060830 Re: JetBox cms (search_function.php) Remote File Include
链接:http://www.securityfocus.com/archive/1/archive/1/444822/100/0/threaded

来源: BUGTRAQ
名称: 20060829 Re: AW: JetBox cms (search_function.php) Remote File Include
链接:http://www.securityfocus.com/archive/1/archive/1/444740/100/0/threaded

来源: BUGTRAQ
名称: 20060828 JetBox cms (search_function.php) Remote File Include
链接:http://www.securityfocus.com/archive/1/archive/1/444527/100/0/threaded

来源: BUGTRAQ
名称: 20060825 Jetbox CMS search_function.php Remote File
链接:http://www.securityfocus.com/archive/1/archive/1/444422/100/0/threaded

来源: BUGTRAQ
名称: 20060829 AW: JetBox cms (search_function.php) Remote File Include
链接:http://www.securityfocus.com/archive/1/444640/100/0/threaded

来源: OSVDB
名称: 28299
链接:http://www.osvdb.org/28299

来源: VIM
名称: 20060829 Jetbox CMS file include – CVE dispute
链接:http://www.attrition.org/pipermail/vim/2006-August/001003.html

来源: VIM
名称: 20060829 Jetbox CMS file include – CVE dispute
链接:http://www.attrition.org/pipermail/vim/2006-August/000997.html

来源: SECTRACK
名称: 1016765
链接:http://securitytracker.com/id?1016765