A vulnerability has been reported in 123tkShop versions prior to 0.3.1. Reportedly, an attacker may be able to read arbitrary files on the vulnerable system with the privilege level of the 123tkShop process. If 'register_globals' is enabled and 'magic_quotes_gpc' is disabled in the PHP configuration file, php.ini, a remote attacker may be able to view arbitrary system files by setting a variable used in an include() statement and supplying '../' and null character sequences.
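A hardened way to build an include() path from request data, as an added example that is not 123tkShop's own code. The function name `resolve_include`, the `page` parameter, the `modules` directory and the module names are hypothetical, chosen only for illustration.

```php
<?php
// Added example. All names here (resolve_include, 'page', 'modules',
// the module list) are hypothetical and not taken from 123tkShop.

/**
 * Map an untrusted request value to a file inside $baseDir.
 * Returns the canonical path, or null if the value is rejected.
 */
function resolve_include(string $requested, string $baseDir, array $allowed): ?string
{
    // Older PHP versions truncated file paths at a NUL byte, which dropped
    // any suffix the script appended. Reject NUL bytes outright.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Allowlist: only known module names, compared exactly. This alone
    // excludes '../' sequences, since no allowed name contains them.
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    // Defence in depth: canonicalise and confirm containment in $baseDir,
    // which also catches symlinks that point outside it.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Read the value explicitly from the request and give it a default, so the
// variable is never created implicitly by register_globals.
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'home';
$file = resolve_include($page, __DIR__ . '/modules', ['home', 'cart', 'checkout']);
if ($file === null) {
    http_response_code(400);
    exit('Invalid page');
}
include $file;
```

Setting `register_globals = Off` in php.ini removes the precondition the advisory names, and the checks above still hold if that setting is later changed.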