CVE-2007-0182 - Remote File Include vulnerability in Magic Photo Storage Website
Summary
Multiple PHP remote file inclusion vulnerabilities in Magic Photo Storage Website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-DB
Every entry below is described as "Magic Photo Storage Website <script> _config[site_path] Parameter Remote File Inclusion. CVE-2007-0182. Webapps exploit for php platform" and shares the same metadata: reporter IbnuSina, published 2007-01-09, modified 2007-01-09, last seen 2016-02-03.
ID | Affected script | Source |
---|---|---|
EDB-ID:29422 | user/change_catalog_template.php | https://www.exploit-db.com/download/29422/ |
EDB-ID:29410 | admin/add_templates.php | https://www.exploit-db.com/download/29410/ |
EDB-ID:29432 | user/user_email.php | https://www.exploit-db.com/download/29432/ |
EDB-ID:29412 | admin/approve_member.php | https://www.exploit-db.com/download/29412/ |
EDB-ID:29414 | admin/index.php | https://www.exploit-db.com/download/29414/ |
EDB-ID:29425 | user/delete_category.php | https://www.exploit-db.com/download/29425/ |
EDB-ID:29426 | user/index.php | https://www.exploit-db.com/download/29426/ |
EDB-ID:29407 | admin/admin_password.php | https://www.exploit-db.com/download/29407/ |
EDB-ID:29413 | admin/delete_member.php | https://www.exploit-db.com/download/29413/ |
EDB-ID:29427 | user/login.php | https://www.exploit-db.com/download/29427/ |
EDB-ID:29415 | admin/list_members.php | https://www.exploit-db.com/download/29415/ |
EDB-ID:29417 | admin/send_email.php | https://www.exploit-db.com/download/29417/ |
EDB-ID:29419 | include/db_config.php | https://www.exploit-db.com/download/29419/ |
EDB-ID:29421 | user/add_news.php | https://www.exploit-db.com/download/29421/ |
EDB-ID:29423 | user/couple_milestone.php | https://www.exploit-db.com/download/29423/ |
EDB-ID:29434 | user/user_membership_password.php | https://www.exploit-db.com/download/29434/ |
EDB-ID:29428 | user/logout.php | https://www.exploit-db.com/download/29428/ |
EDB-ID:29411 | admin/admin_paypal_email.php | https://www.exploit-db.com/download/29411/ |
EDB-ID:29424 | user/couple_profile.php | https://www.exploit-db.com/download/29424/ |
EDB-ID:29431 | user/user_catelog_password.php | https://www.exploit-db.com/download/29431/ |
EDB-ID:29418 | include/config.php | https://www.exploit-db.com/download/29418/ |
EDB-ID:29429 | user/register.php | https://www.exploit-db.com/download/29429/ |
EDB-ID:29433 | user/user_extend.php | https://www.exploit-db.com/download/29433/ |
EDB-ID:29430 | user/upload_photo.php | https://www.exploit-db.com/download/29430/ |
EDB-ID:29409 | admin/admin_email.php | https://www.exploit-db.com/download/29409/ |
EDB-ID:29408 | admin/add_welcome_text.php | https://www.exploit-db.com/download/29408/ |
EDB-ID:29416 | admin/membership_pricing.php | https://www.exploit-db.com/download/29416/ |
References
- http://securityreason.com/securityalert/2136
- http://www.osvdb.org/32668
- http://www.osvdb.org/33411
- http://www.osvdb.org/33412
- http://www.osvdb.org/33413
- http://www.osvdb.org/33414
- http://www.osvdb.org/33415
- http://www.osvdb.org/33416
- http://www.osvdb.org/33417
- http://www.osvdb.org/33418
- http://www.osvdb.org/33419
- http://www.osvdb.org/33420
- http://www.osvdb.org/33421
- http://www.osvdb.org/33422
- http://www.osvdb.org/33423
- http://www.osvdb.org/33425
- http://www.osvdb.org/33426
- http://www.osvdb.org/33427
- http://www.osvdb.org/33428
- http://www.osvdb.org/33429
- http://www.osvdb.org/33430
- http://www.osvdb.org/33431
- http://www.osvdb.org/33432
- http://www.osvdb.org/33433
- http://www.osvdb.org/33434
- http://www.osvdb.org/33435
- http://www.osvdb.org/33436
- http://www.osvdb.org/33437
- http://www.osvdb.org/33438
- http://www.osvdb.org/33439
- http://www.securityfocus.com/archive/1/456389/100/0/threaded
- http://www.securityfocus.com/bid/21965