CVE-2002-1736 |
|
发布时间 :2002-12-31 00:00:00 |
修订时间 :2017-07-10 21:29:23 |
NMCO |
|
|
[原文]Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via "unfiltered user input."
[CNNVD]CGINews读取任意文件漏洞(CNNVD-200212-862)
CGINews 1.06以前版本存在未知漏洞。远程攻击者借助“未筛选的用户输入”读取任意文件。
-
CVSS (基础分值)
CVSS分值: |
5 |
[中等(MEDIUM)] |
机密性影响: |
|
[--] |
完整性影响: |
|
[--] |
可用性影响: |
|
[--] |
攻击复杂度: |
|
[--] |
攻击向量: |
|
[--] |
身份认证: |
|
[--] |
-
CPE (受影响的平台与产品)
-
OVAL (用于检测的技术细节)
-
官方数据库链接
-
其它链接及资源
-
漏洞信息
CGINews读取任意文件漏洞 |
中危 |
未知 |
2002-12-31 00:00:00 |
2005-10-20 00:00:00 |
远程 |
|
|
CGINews 1.06以前版本存在未知漏洞。远程攻击者借助“未筛选的用户输入”读取任意文件。 |
-
公告与补丁
-
漏洞信息
37192 |
CGINews Unspecified Arbitrary File Disclosure |
|
Information Disclosure |
Loss of Confidentiality |
Upgrade |
|
Vendor Verified |
-
漏洞描述
-
时间线
2002-02-10 |
Unknow |
Unknow |
Unknow |
-
解决方案
Upgrade to version 1.06 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
-
相关参考
-
漏洞作者