VULHUB ™

magic photo storage website中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到admin/中的(1)admin_password.php,(2) add_welcome_text.php,(3)admin_email.php,(4)add_templates.php,(5)admin_paypal_email.php,(6)approve_member.php,(7)delete_member.php, (8)index.php,(9)list_members.php,(10)membership_pricing.php或(11)send_email.php；include/中的(12)config.php或(13)db_config.php；user/中的(14)add_category.php,(15)add_news.php,(16)change_catalog_template.php,(17)couple_milestone.php,(18)couple_profile.php,(19) delete_category.php,(20)index.php,(21)login.php,(22)logout.php,(23)register.php,(24)upload_photo.php,(25)user_catelog_password.php, (26)user_email.php,(27)user_extend.php或(28)user_membership_password.php的_config[site_path]参数中的一个URL，执行任意的PHP代码。

magic photo storage website中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到admin/中的(1)admin_password.php,(2) add_welcome_text.php,(3)admin_email.php,(4)add_templates.php,(5)admin_paypal_email.php,(6)approve_member.php,(7)delete_member.php, (8)index.php,(9)list_members.php,(10)membership_pricing.php或(11)send_email.php；include/中的(12)config.php或(13)db_config.php；user/中的(14)add_category.php,(15)add_news.php,(16)change_catalog_template.php,(17)couple_milestone.php,(18)couple_profile.php,(19) delete_category.php,(20)index.php,(21)login.php,(22)logout.php,(23)register.php,(24)upload_photo.php,(25)user_catelog_password.php, (26)user_email.php,(27)user_extend.php或(28)user_membership_password.php的_config[site_path]参数中的一个URL，执行任意的PHP代码。