Open Tibia Server Content Management System ‘OTSCMS.php’ PHP Remote File Inclusion Vulnerability

Vulnerability Details

Vulnerability Summary

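A PHP remote file inclusion vulnerability exists in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) versions 2.0.0 through 2.1.3. A remote attacker can execute arbitrary PHP code via a URL in the GLOBALS[config][directories][classes] parameter.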

Vulnerability Announcement

The vendor has released an upgrade patch that fixes this security issue. The patch is available at the following links:

OTSCMS OTSCMS 1.0

OTSCMS otscms-2.1.4-lite.tar.gz

http://prdownloads.sourceforge.net/otscms/otscms-2.1.4-lite.tar.gz

OTSCMS OTSCMS 1.3

OTSCMS otscms-2.1.4-lite.tar.gz

http://prdownloads.sourceforge.net/otscms/otscms-2.1.4-lite.tar.gz

OTSCMS OTSCMS 1.4.1

OTSCMS otscms-2.1.4-lite.tar.gz

http://prdownloads.sourceforge.net/otscms/otscms-2.1.4-lite.tar.gz

OTSCMS OTSCMS 2.0

OTSCMS otscms-2.1.4-lite.tar.gz

http://prdownloads.sourceforge.net/otscms/otscms-2.1.4-lite.tar.gz

OTSCMS OTSCMS 2.1.3

OTSCMS otscms-2.1.4-lite.tar.gz

http://prdownloads.sourceforge.net/otscms/otscms-2.1.4-lite.tar.gz

References

Source: XF

Name: otscms-otscms-file-include(29719)

Link: http://xforce.iss.net/xforce/xfdb/29719

Source: BID

Name: 20694

Link: http://www.securityfocus.com/bid/20694

Source: SECUNIA

Name: 22548

Link: http://secunia.com/advisories/22548

Source: MILW0RM

Name: 2622

Link: http://www.milw0rm.com/exploits/2622

Source: VIM

Name: 20061025 CONFIRM: OTSCMS file inclusions – PHP5 __autoload

Link: http://attrition.org/pipermail/vim/2006-October/001096.html

Source: VUPEN

Name: ADV-2006-4180

Link: http://www.frsirt.com/english/advisories/2006/4180

Source: MILW0RM

Name: 2622

Link: http://milw0rm.com/exploits/2622
