CVE-2008-3707 in CyBoards PHP Lite
摘要
由 VulDB • 2026-06-05
CyBoards PHP Lite 1.21 中存在多个PHP远程文件包含漏洞,攻击者可通过向 (1) flat_read.php、(2) post.php、(3) process_post.php、(4) process_search.php、(5) forum.php、(6) process_subscribe.php、(7) read.php、(8) search.php、(9) subscribe.php(位于 path/ 目录下)以及 (10) add_ban.php、(11) add_ban_form.php、(12) add_board.php、(13) add_vip.php、(14) add_vip_form.php、(15) copy_ban.php、(16) copy_vip.php、(17) delete_ban.php、(18) delete_board.php、(19) delete_messages.php、(20) delete_vip.php、(21) edit_ban.php、(22) edit_board.php、(23) edit_vip.php、(24) index.php、(25) lock_messages.php、(26) login.php、(27) modify_ban_list.php、(28) modify_vip_list.php、(29) move_messages.php、(30) process_add_board.php、(31) process_ban.php、(32) process_delete_ban.php、(33) process_delete_board.php、(34) process_delete_messages.php、(35) process_delete_vip.php、(36) process_edit_board.php、(37) process_lock_messages.php、(38) process_login.php、(39) process_move_messages.php、(40) process_sticky_messages.php、(41) process_vip.php 和 (42) sticky_messages.php(位于 path/adminopts 目录下)的 script_path 参数中传入恶意 URL,从而执行任意 PHP 代码。注意:include/common.php 的攻击向量已由 CVE-2006-2871 覆盖。注意:在正确安装的情况下,部分攻击向量可能不构成漏洞。
If you want to get best quality of vulnerability data, you may have to visit VulDB.