Описание
Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:picturedis:picturedis_photoalbum:4.82:*:*:*:*:*:*:*
cpe:2.3:a:picturedis:picturedis_professional:1.33_build_234:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.01821
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.
EPSS
Процентиль: 83%
0.01821
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other