漏洞信息详情

PHP Yappa-NG未明远程文件包含漏洞

  • CNNVD编号:CNNVD-200504-091
  • 危害等级: 高危
  • CVE编号: CVE-2005-1312
  • 漏洞类型: 输入验证
  • 发布时间: 2005-04-24
  • 威胁类型: 远程
  • 更新时间: 2006-09-28
  • 厂        商: yappa-ng
  • 漏洞来源: Discovery is credi...

漏洞简介

yappa-ng是一个非常强大但非常易于安装和使用的在线PHP相册。支持所有操作系统 (Linux/UNIX,Windows,MAC, ...),和所有Web服务器(Apache,IIS,...)并且不需要数据库支持。每一张图片都可以以多种不同的尺寸进行查看,并且缩略图和所有其它调整大小都将自动快速创建。yappa-ng支持为相册设置密码保护,统计图片点击,设置图片评论功能。 Yappa-NG的2.3.2之前版本存在PHP远程文件包含漏洞, 远程攻击者可以通过未知向量来执行任意PHP代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: yappa-ng yappa-ng 0.9 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.0 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.1 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.2 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.3 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.4 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.5 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 1.6 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.0 .0 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.0.1 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.1 .0 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.2 .0 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.2.1 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.2.2 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.3 .0 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802 yappa-ng yappa-ng 2.3.1 yappa-ng yappa-ng 2.3.2 http://sourceforge.net/project/showfiles.php?group_id=70802

参考网址

来源: BID 名称: 13371 链接:http://www.securityfocus.com/bid/13371 来源: SECUNIA 名称: 15107 链接:http://secunia.com/advisories/15107 来源: OSVDB 名称: 15829 链接:http://www.osvdb.org/15829 来源: sourceforge.net 链接:http://sourceforge.net/project/shownotes.php?release_id=323206

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多