| 제목 | 123Solar 1.8.4.5 File Inclusion |
|---|
| 설명 | Version x.x.x.x of 123Solar is affected by a Local File Inclusion (LFI) vulnerability. Attackers can manipulate the PROTOCOLx parameter to include arbitrary PHP files from unintended directories, potentially leading to remote code execution (RCE).
The impact of this vulnerability is primarily the ability to include and execute PHP files on the server. Possible attack scenarios include:
An attacker uploads a PHP file to another system and obtains its absolute path but cannot directly access it. The attacker can then execute the PHP file through this vulnerability.
A PHP code injection vulnerability is discovered, but the configuration file cannot be directly accessed. The attacker can execute the PHP code through this vulnerability. |
|---|
| 원천 | ⚠️ https://github.com/jeanmarc77/123solar/issues/75 |
|---|
| 사용자 | hejiasheng (UID 74892) |
|---|
| 제출 | 2024. 09. 14. AM 09:08 (2 연령 ago) |
|---|
| 모더레이션 | 2024. 09. 27. AM 07:10 (13 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 278657 [jeanmarc77 123solar 까지 1.8.4.5 /admin/admin_invt2.php PROTOCOLx 권한 상승] |
|---|
| 포인트들 | 20 |
|---|