merchants/index.php in Post Affiliate Pro 2.0.4 and previous versions, with magic_quotes_gpc disabled, allows remote malicious users to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
post affiliate pro post affiliate pro 2.0.4 |