Due to the inclusion of spliced and unfiltered controllable parameter files in index.php, path traversal can be performed to include php native pearcmd.php resulting in the writing of the malicious file getshell.
The text was updated successfully, but these errors were encountered:
漏洞简介 Vulnerability Introduction
由于index.php存在拼接且未经过滤的可控参数文件包含,可以进行路径穿越包含php原生pearcmd.php导致写入恶意文件Getshell。
Due to the inclusion of spliced and unfiltered controllable parameter files in index.php, path traversal can be performed to include php native pearcmd.php resulting in the writing of the malicious file getshell.
The text was updated successfully, but these errors were encountered: