VULHUB ™

Campware Campsite存在多个PHP远程文件包含漏洞，远程攻击者通过传给在implementation/management/classes内的(1)Alias.php，(2)Article.php，(3)ArticleAttachment.php，(4)ArticleComment.php，(5)ArticleData.php，(6)ArticleImage.php，(7)ArticleIndex.php，(8)ArticlePublish.php，(9)ArticleTopic.php，(10)ArticleType.php，(11)ArticleTypeField.php，(12)Attachment.php，(13)Country.php，(14)DatabaseObject.php，(15)Event.php，(16)IPAccess.php，(17)Image.php，(18)Issue.php，(19)IssuePublish.php，(20)Language.php，(21)Log.php，(22)LoginAttempts.php，(23)Publication.php，(24)Section.php，(25)ShortURL.php，(26)Subscription.php，(27)SubscriptionDefaultTime.php，(28)SubscriptionSection.php，(29)SystemPref.php，(30)Template.php，(31)TimeUnit.php，(32)Topic.php，(33)UrlType.php，(34)User.php和(35)UserType.php；在implementation/management/内的(36)configuration.php和(37)db_connect.php；和在implementation/management/priv/localizer/内的(38)LocalizerConfig.php和(39)LocalizerLanguage.php的g_documentRoot参数内的URL执行任意PHP代码。

Campware Campsite存在多个PHP远程文件包含漏洞，远程攻击者通过传给在implementation/management/classes内的(1)Alias.php，(2)Article.php，(3)ArticleAttachment.php，(4)ArticleComment.php，(5)ArticleData.php，(6)ArticleImage.php，(7)ArticleIndex.php，(8)ArticlePublish.php，(9)ArticleTopic.php，(10)ArticleType.php，(11)ArticleTypeField.php，(12)Attachment.php，(13)Country.php，(14)DatabaseObject.php，(15)Event.php，(16)IPAccess.php，(17)Image.php，(18)Issue.php，(19)IssuePublish.php，(20)Language.php，(21)Log.php，(22)LoginAttempts.php，(23)Publication.php，(24)Section.php，(25)ShortURL.php，(26)Subscription.php，(27)SubscriptionDefaultTime.php，(28)SubscriptionSection.php，(29)SystemPref.php，(30)Template.php，(31)TimeUnit.php，(32)Topic.php，(33)UrlType.php，(34)User.php和(35)UserType.php；在implementation/management/内的(36)configuration.php和(37)db_connect.php；和在implementation/management/priv/localizer/内的(38)LocalizerConfig.php和(39)LocalizerLanguage.php的g_documentRoot参数内的URL执行任意PHP代码。