Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
allmyguests project allmyguests |