VULHUB ™

GRBoard 1.8版本存在多个PHP远程文件包含漏洞。当register_globals被激活而magic_quotes_gpc被中止时，远程攻击者可以借助到theme/中的(a)179_squarebox_pds_list/view.php, (b)179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d)179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k)179_simplebar_notice/view.php, (l)179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php和(n)179_simplebar_basic/view.php的theme参数中的一个URL；到latest/sirini_gallery_latest/list.php的路径参数中的一个URL，以及到(p)include.php感和(q)form_mail.php的grboard参数中的一个URL，执行任意的PHP代码。

GRBoard 1.8版本存在多个PHP远程文件包含漏洞。当register_globals被激活而magic_quotes_gpc被中止时，远程攻击者可以借助到theme/中的(a)179_squarebox_pds_list/view.php, (b)179_squarebox_minishop_expand/view.php, (c) 179_squarebox_gallery_list_pds/view.php, (d)179_squarebox_gallery_list/view.php, (e) 179_squarebox_gallery/view.php, (f) 179_squarebox_board_swfupload/view.php, (g) 179_squarebox_board_expand/view.php, (h) 179_squarebox_board_basic_with_grcode/view.php, (i) 179_squarebox_board_basic/view.php, (j) 179_simplebar_pds_list/view.php, (k)179_simplebar_notice/view.php, (l)179_simplebar_gallery_list_pds/view.php, (m) 179_simplebar_gallery/view.php和(n)179_simplebar_basic/view.php的theme参数中的一个URL；到latest/sirini_gallery_latest/list.php的路径参数中的一个URL，以及到(p)include.php感和(q)form_mail.php的grboard参数中的一个URL，执行任意的PHP代码。