← voltar
CVE-2007-0182

CVE-2007-0182

EPSS 4.6%
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
Produtos afetados
n/a · n/a
PoCs públicas encontradas28
exploitdbwww.exploit-db.com/exploits/29410não verificadoexploitdbwww.exploit-db.com/exploits/29408não verificadoexploitdbwww.exploit-db.com/exploits/29409não verificadoexploitdbwww.exploit-db.com/exploits/29407não verificadoexploitdbwww.exploit-db.com/exploits/29411não verificadoexploitdbwww.exploit-db.com/exploits/29412não verificadoexploitdbwww.exploit-db.com/exploits/29413não verificadoexploitdbwww.exploit-db.com/exploits/29414não verificadoexploitdbwww.exploit-db.com/exploits/29415não verificadoexploitdbwww.exploit-db.com/exploits/29416não verificadoexploitdbwww.exploit-db.com/exploits/29417não verificadoexploitdbwww.exploit-db.com/exploits/29418não verificadoexploitdbwww.exploit-db.com/exploits/29419não verificadoexploitdbwww.exploit-db.com/exploits/29420não verificadoexploitdbwww.exploit-db.com/exploits/29421não verificadoexploitdbwww.exploit-db.com/exploits/29422não verificadoexploitdbwww.exploit-db.com/exploits/29423não verificadoexploitdbwww.exploit-db.com/exploits/29424não verificadoexploitdbwww.exploit-db.com/exploits/29425não verificadoexploitdbwww.exploit-db.com/exploits/29426não verificadoexploitdbwww.exploit-db.com/exploits/29427não verificadoexploitdbwww.exploit-db.com/exploits/29428não verificadoexploitdbwww.exploit-db.com/exploits/29429não verificadoexploitdbwww.exploit-db.com/exploits/29430não verificadoexploitdbwww.exploit-db.com/exploits/29431não verificadoexploitdbwww.exploit-db.com/exploits/29432não verificadoexploitdbwww.exploit-db.com/exploits/29433não verificadoexploitdbwww.exploit-db.com/exploits/29434não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://securityreason.com/securityalert/2136http://www.osvdb.org/32668http://www.osvdb.org/33411http://www.osvdb.org/33412http://www.osvdb.org/33413http://www.osvdb.org/33414http://www.osvdb.org/33415http://www.osvdb.org/33416http://www.osvdb.org/33417http://www.osvdb.org/33418http://www.osvdb.org/33419http://www.osvdb.org/33420