VULHUB ™

apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 <?php if ($route == "groups") { require_once $basePath . '/action/m_groups.php'; } elseif ($route == "group") { require_once $basePath . '/action/m_group.php'; } elseif ($route == "galbum") { require_once $basePath . '/action/m_galbum.php'; } phpwind 7.5 已经在这个补丁的同时'修补'了 http://www.phpwind.net/read-htm-tid-914851.html <?php !function_exists('readover') && exit('Forbidden'); if ($route == "groups") { require_once $basePath . '/action/m_groups.php'; } elseif ($route == "group") { require_once $basePath . '/action/m_group.php'; } elseif ($route == "galbum") { require_once $basePath . '/action/m_galbum.php'; } ?>

apps/groups/index.php 里$route和$basePath变量没有初始化,导致远程包含或者本地包含php文件,导致执行任意php代码 <?php if ($route == "groups") { require_once $basePath . '/action/m_groups.php'; } elseif ($route == "group") { require_once $basePath . '/action/m_group.php'; } elseif ($route == "galbum") { require_once $basePath . '/action/m_galbum.php'; } phpwind 7.5 已经在这个补丁的同时'修补'了 http://www.phpwind.net/read-htm-tid-914851.html <?php !function_exists('readover') && exit('Forbidden'); if ($route == "groups") { require_once $basePath . '/action/m_groups.php'; } elseif ($route == "group") { require_once $basePath . '/action/m_group.php'; } elseif ($route == "galbum") { require_once $basePath . '/action/m_galbum.php'; } ?>