{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0182", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/. NOTE: the include/common_function.php vector is already covered by another candidate from the same date." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "33419", "refsource": "OSVDB", "url": "http://www.osvdb.org/33419" }, { "name": "33433", "refsource": "OSVDB", "url": "http://www.osvdb.org/33433" }, { "name": "33436", "refsource": "OSVDB", "url": "http://www.osvdb.org/33436" }, { "name": "33432", "refsource": "OSVDB", "url": "http://www.osvdb.org/33432" }, { "name": "33430", "refsource": "OSVDB", "url": "http://www.osvdb.org/33430" }, { "name": "33439", "refsource": "OSVDB", "url": "http://www.osvdb.org/33439" }, { "name": "33426", "refsource": "OSVDB", "url": "http://www.osvdb.org/33426" }, { "name": "32668", "refsource": "OSVDB", "url": "http://www.osvdb.org/32668" }, { "name": "33413", "refsource": "OSVDB", "url": "http://www.osvdb.org/33413" }, { "name": "33411", "refsource": "OSVDB", "url": "http://www.osvdb.org/33411" }, { "name": "33415", "refsource": "OSVDB", "url": "http://www.osvdb.org/33415" }, { "name": "33420", "refsource": "OSVDB", "url": "http://www.osvdb.org/33420" }, { "name": "33438", "refsource": "OSVDB", "url": "http://www.osvdb.org/33438" }, { "name": "33425", "refsource": "OSVDB", "url": "http://www.osvdb.org/33425" }, { "name": "33418", "refsource": "OSVDB", "url": "http://www.osvdb.org/33418" }, { "name": "33427", "refsource": "OSVDB", "url": "http://www.osvdb.org/33427" }, { "name": "2136", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2136" }, { "name": "33434", "refsource": "OSVDB", "url": "http://www.osvdb.org/33434" }, { "name": "20070108 magic photo storage website Multiple Remote File Inclusion", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456389/100/0/threaded" }, { "name": "33423", "refsource": "OSVDB", "url": "http://www.osvdb.org/33423" }, { "name": "33417", "refsource": "OSVDB", "url": "http://www.osvdb.org/33417" }, { "name": "33412", "refsource": "OSVDB", "url": "http://www.osvdb.org/33412" }, { "name": "33421", "refsource": "OSVDB", "url": "http://www.osvdb.org/33421" }, { "name": "33428", "refsource": "OSVDB", "url": "http://www.osvdb.org/33428" }, { "name": "33422", "refsource": "OSVDB", "url": "http://www.osvdb.org/33422" }, { "name": "21965", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21965" }, { "name": "33437", "refsource": "OSVDB", "url": "http://www.osvdb.org/33437" }, { "name": "33414", "refsource": "OSVDB", "url": "http://www.osvdb.org/33414" }, { "name": "33429", "refsource": "OSVDB", "url": "http://www.osvdb.org/33429" }, { "name": "33435", "refsource": "OSVDB", "url": "http://www.osvdb.org/33435" }, { "name": "33431", "refsource": "OSVDB", "url": "http://www.osvdb.org/33431" }, { "name": "33416", "refsource": "OSVDB", "url": "http://www.osvdb.org/33416" } ] } }