漏洞标题
N/A
漏洞描述信息
在PopSoft Digital PopPhoto Studio 3.5.4 和更早版本中,资源/includes/popp.config.loader.inc.php 文件包含PHP远程漏洞,该漏洞允许远程攻击者通过包含路径参数(cfg['popphoto_base_path']变量)中的URL执行任意PHP代码。注意:Pixaria已经通知CVE,“PopPhoto 不是Pixaria的产品。它是PopSoft Digital的产品,仅由Pixaria作为礼貌的 hosting...列出的漏洞是由以前的供应商修复的,以前的所有用户都已收到此更新。”
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
PopSoft Digital PopPhoto Studio popp.config.loader.inc.php PHP远程文件包含漏洞
漏洞描述信息
PopSoft Digital PopPhoto Studio 3.5.4及之前版本的resources/includes/popp.config.loader.inc.php中存在PHP远程文件包含漏洞。远程攻击者可以借助 include_path参数(cfg['popphoto_base_path'] 变量)中的URL,执行任意PHP代码。 注意: Pixaria已通知CVE"PopPhoto并非Pixaria的产品。 它是PopSoft Digital的产品,只不过由Pixaria提供免费的主机服务
CVSS信息
N/A
漏洞类别
代码注入