CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
96.9%
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
Vendor | Product | Version | CPE |
---|---|---|---|
scriptaty | magic_photo_storage_website | * | cpe:2.3:a:scriptaty:magic_photo_storage_website:*:*:*:*:*:*:*:* |
securityreason.com/securityalert/2136
www.osvdb.org/32668
www.osvdb.org/33411
www.osvdb.org/33412
www.osvdb.org/33413
www.osvdb.org/33414
www.osvdb.org/33415
www.osvdb.org/33416
www.osvdb.org/33417
www.osvdb.org/33418
www.osvdb.org/33419
www.osvdb.org/33420
www.osvdb.org/33421
www.osvdb.org/33422
www.osvdb.org/33423
www.osvdb.org/33425
www.osvdb.org/33426
www.osvdb.org/33427
www.osvdb.org/33428
www.osvdb.org/33429
www.osvdb.org/33430
www.osvdb.org/33431
www.osvdb.org/33432
www.osvdb.org/33433
www.osvdb.org/33434
www.osvdb.org/33435
www.osvdb.org/33436
www.osvdb.org/33437
www.osvdb.org/33438
www.osvdb.org/33439
www.securityfocus.com/archive/1/456389/100/0/threaded
www.securityfocus.com/bid/21965