VULHUB ™

Creasito E-Commerce Content Manager远程攻击者通过传给在admin/.内的(1)addnewcont.php，(2)adminpassw.php，(3)amministrazione.php，(4)artins.php，(5)bgcolor.php，(6)cancartcat.php，(7)canccat.php，(8)cancelart.php，(9)cancontsit.php，(10)chanpassamm.php，(11)dele.php，(12)delecat.php，(13)delecont.php，(14)emailall.php，(15)gestflashtempl.php，(16)gestmagart.php，(17)gestmagaz.php，(18)gestpre.php，(19)input.php，(20)input3.php，(21)insnucat.php，(22)instempflash.php，(23)mailfc.php，(24)modfdati.php，(25)rescont4.php，(26)ricordo1.php，(27)ricordo4.php，(28)tabcatalg.php，(29)tabcont.php，(30)tabcont3.php，(31)tabstile.php，(32)tabstile3.php，(33)testimmg.php和(34)update.php的非空finame参数，来绕过认证并执行特限功能。

Creasito E-Commerce Content Manager远程攻击者通过传给在admin/.内的(1)addnewcont.php，(2)adminpassw.php，(3)amministrazione.php，(4)artins.php，(5)bgcolor.php，(6)cancartcat.php，(7)canccat.php，(8)cancelart.php，(9)cancontsit.php，(10)chanpassamm.php，(11)dele.php，(12)delecat.php，(13)delecont.php，(14)emailall.php，(15)gestflashtempl.php，(16)gestmagart.php，(17)gestmagaz.php，(18)gestpre.php，(19)input.php，(20)input3.php，(21)insnucat.php，(22)instempflash.php，(23)mailfc.php，(24)modfdati.php，(25)rescont4.php，(26)ricordo1.php，(27)ricordo4.php，(28)tabcatalg.php，(29)tabcont.php，(30)tabcont3.php，(31)tabstile.php，(32)tabstile3.php，(33)testimmg.php和(34)update.php的非空finame参数，来绕过认证并执行特限功能。