CVE-2008-0803 in Lan Manager
摘要
由 VulDB • 2026-06-09
LookStrike Lan Manager 0.9 中存在多个 PHP 远程文件包含漏洞,攻击者可通过向 `modules\class\Table.php`、`db_admins.php`、`db_alert.php`、`db_double.php`、`db_games.php`、`db_matches.php`、`db_match_teams.php`、`db_news.php`、`db_platform.php`、`db_players.php`、`db_server_group.php`、`db_server_ip.php`、`db_teams.php`、`db_team_players.php`、`db_tournaments.php`、`db_tournament_teams.php` 以及 `db_trees.php`(位于 `modules\class\db\` 目录下)的 `sys_conf[path][real]` 参数中传入 URL,从而执行任意 PHP 代码;此外,还可向 `Match.php`、`MatchTeam.php`、`Rule.php`、`RuleBuilder.php`、`RulePool.php`、`RuleSingle.php`、`RuleTree.php`、`Tournament.php`、`TournamentTeam.php`、`Tree.php` 和 `TreeSingle.php`(位于 `modules\class\tournament\` 目录下)实现相同攻击。注意:此漏洞还可利用目录遍历序列来包含并执行任意本地文件。
If you want to get best quality of vulnerability data, you may have to visit VulDB.