CVE-2007-0182 in magic photo storage websiteinfo

Zusammenfassung

von MITRE

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

10.01.2007

Veröffentlichung

12.01.2007

Moderieren

akzeptiert

Eintrag

VDB-34356

CPE

bereit

Exploit

Download

EPSS

0.04108

KEV

nein

Aktivitäten

very low

Sektor

Agriculture, Police, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2007-0182
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2007-0182
CVE Detailshttps://www.cvedetails.com/cve/CVE-2007-0182/

ZurückÜbersichtWeiter

Do you want to use VulDB in your project?

Use the official API to access entries easily!