漏洞描述
由于php5.3.x版本里php.ini的设置里request_order默认值为GP,导致$_REQUEST中不再包含$_COOKIE,我们通过在Cookie中传入$GLOBALS来覆盖全局变量,造成代码执行漏洞。
Discuz 7.x/6.x 全局变量防御绕过导致代码执行
PoC代码
暂无相关漏洞推荐
- GLPI /index.php/ajax/ SQL 注入漏洞(CVE-2025-24799)
- N-central /dms/services/ServerMMS XML 外部实体注入漏洞(CVE-2025-11700)
- POC CVE-2017-14725: WordPress < 4.8.2 - Authenticated Open Redirect
- POC CVE-2017-17092: WordPress < 4.9.1 - Authenticated JavaScript File Upload
- POC CVE-2018-13317: TOTOLINK A3002RU 1.0.8 - Information Disclosure
- POC CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
- POC CVE-2025-11700: N-central - XML External Entities Injection
- POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- POC CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- 天地伟业Easy7 downloadFile 任意文件读取漏洞
- POC CVE-2024-37656: GnuBoard5 5.5.16 - Open Redirect
- (CVE-2025-4617)Palo Alto Networks Prisma Browser截图控制绕过漏洞
- POC CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change