This is a detailed vulnerability advisory for Saurus CMS 4.7.1, describing multiple Local File Inclusion (LFI), Remote File Inclusion (RFI), and SQL Injection vulnerabilities. It includes technical details, attack vectors, and proof-of-concept test cases.
Classification
Writeup 100%
Attack Type
Info Leak | Rce | Sqli
Complexity
Moderate
Reliability
Reliable
Target:Saurus CMS 4.7.1
Auth required
Prerequisites:Valid file ID for LFI · PHP register_globals = on for RFI · PHP magic_quotes_gpc = Off for SQLi