| عنوان | 123Solar 1.8.4.5 File Inclusion |
|---|
| الوصف | Version x.x.x.x of 123Solar is affected by a Local File Inclusion (LFI) vulnerability. Attackers can manipulate the PROTOCOLx parameter to include arbitrary PHP files from unintended directories, potentially leading to remote code execution (RCE).
The impact of this vulnerability is primarily the ability to include and execute PHP files on the server. Possible attack scenarios include:
An attacker uploads a PHP file to another system and obtains its absolute path but cannot directly access it. The attacker can then execute the PHP file through this vulnerability.
A PHP code injection vulnerability is discovered, but the configuration file cannot be directly accessed. The attacker can execute the PHP code through this vulnerability. |
|---|
| المصدر | ⚠️ https://github.com/jeanmarc77/123solar/issues/75 |
|---|
| المستخدم | hejiasheng (UID 74892) |
|---|
| ارسال | 14/09/2024 09:08 AM (2 سنوات منذ) |
|---|
| الاعتدال | 27/09/2024 07:10 AM (13 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 278657 [jeanmarc77 123solar حتى 1.8.4.5 /admin/admin_invt2.php PROTOCOLx تجاوز الصلاحيات] |
|---|
| النقاط | 20 |
|---|