TinyWebGallery <= 1.7.6 LFI /... CVE-2009-1911 CNNVD-200906-060

6.8 AV AC AU C I A
Published: 2009-06-04
Revised: 2018-10-10

TinyWebGallery (TWG) is an open-source photo gallery based on Ajax, PHP and XML, developed by software developer Michael Dempfle. It provides text and image watermarks, slideshow playback, image upload and management, and other features.

The /admin/_include/init.php module of TinyWebGallery does not properly validate the $_GET['lang'] parameter in user requests:

    // Get Language
    if (isset($GLOBALS['__GET']["lang"])) $GLOBALS["lang"] = $GLOBALS["language"] = $_SESSION["admin_lang"] = $GLOBALS['__GET']["lang"];
    elseif (isset($GLOBALS['__POST']["lang"])) $GLOBALS["lang"] = $GLOBALS["language"] = $_SESSION["admin_lang"] = $GLOBALS['__POST']["lang"];
    else if (isset($_SESSION["admin_lang"])) $GLOBALS["lang"] = $GLOBALS["language"] = $_SESSION["admin_lang"];
    else $GLOBALS["language"] = $GLOBALS["default_language"];
    [...]

    // ------------------------------------------------------------------------------
    // Necessary files
    require _QUIXPLORER_PATH . "/_config/conf.php";

    if (file_exists(_QUIXPLORER_PATH . "/_lang/" . $GLOBALS["language"] . ".php"))
        require _QUIXPLORER_PATH . "/_lang/" . $GLOBALS["language"] . ".php";
    ...
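The excerpt above concatenates the request-supplied language name straight into a require path. The following is an added example, not TinyWebGallery's own code or its actual fix, showing one way to constrain that value before it reaches require. The function resolve_language(), its parameters and the temporary directory are hypothetical names, and the sample inputs are constructed.

```php
<?php
// Added example (hypothetical helper, not from the TinyWebGallery code base).
// Call it on the final value right before the require, because in the excerpt
// the language can arrive via GET, POST or a previously stored session value.

/**
 * Return a language name that is safe to place in
 *   require $langDir . "/" . $name . ".php";
 */
function resolve_language($requested, string $langDir, string $default): string
{
    // Allow-list: only language files that actually ship in the directory.
    $allowed = [];
    foreach (glob($langDir . "/*.php") ?: [] as $file) {
        $allowed[basename($file, ".php")] = true;
    }

    // Non-strings (e.g. lang[]=x) and anything that is not a plain identifier
    // are rejected: no "/", "\", "." or NUL byte can reach the path.
    if (!is_string($requested)
        || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $requested)) {
        return $default;
    }

    // Exact match against the allow-list; unknown names fall back to default.
    return isset($allowed[$requested]) ? $requested : $default;
}

// Constructed demonstration: a temporary directory stands in for _lang/.
$langDir = sys_get_temp_dir() . "/lang_demo_" . getmypid();
mkdir($langDir);
file_put_contents($langDir . "/en.php", "<?php // constructed sample\n");
file_put_contents($langDir . "/de.php", "<?php // constructed sample\n");

// Constructed inputs: one valid name, then values that must fall back to "en".
$samples = ["de", "../outside", "de\0junk", "fr", ["de"], null];
foreach ($samples as $input) {
    $lang = resolve_language($input, $langDir, "en");
    printf("%-28s -> %s\n", json_encode($input), $lang);
}

// Remove the constructed files again.
array_map('unlink', glob($langDir . "/*.php"));
rmdir($langDir);
```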

0%
There are currently 2 exploits/PoCs
There are currently 69 affected product entries