Description
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-0182
- http://securityreason.com/securityalert/2136
- http://www.osvdb.org/32668
- http://www.osvdb.org/33411
- http://www.osvdb.org/33412
- http://www.osvdb.org/33413
- http://www.osvdb.org/33414
- http://www.osvdb.org/33415
- http://www.osvdb.org/33416
- http://www.osvdb.org/33417
- http://www.osvdb.org/33418
- http://www.osvdb.org/33419
- http://www.osvdb.org/33420
- http://www.osvdb.org/33421
- http://www.osvdb.org/33422
- http://www.osvdb.org/33423
- http://www.osvdb.org/33425
- http://www.osvdb.org/33426
- http://www.osvdb.org/33427
- http://www.osvdb.org/33428
- http://www.osvdb.org/33429
- http://www.osvdb.org/33430
- http://www.osvdb.org/33431
- http://www.osvdb.org/33432
- http://www.osvdb.org/33433
- http://www.osvdb.org/33434
- http://www.osvdb.org/33435
- http://www.osvdb.org/33436
- http://www.osvdb.org/33437
- http://www.osvdb.org/33438
- http://www.osvdb.org/33439
- http://www.securityfocus.com/archive/1/456389/100/0/threaded
- http://www.securityfocus.com/bid/21965
Related vulnerabilities
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.