Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy Gallery 1.4 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the doc_directory parameter in (1) file.php; (2) find_user.php, (3) lib_user.php, (4) lib_form_user.php, and (5) user.php in sw/lib_user/; (6) find_session.php and (7) session.php in sw/lib_session/; (8) comment.php and (9) lib_comment.php in sw/lib_comment/; and other unspecified PHP scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opendock easy gallery |