Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro Edition 4.9 r46 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the _SESSION[docroot_path] parameter to (1) includes/shared_functions.php or (2) client_files/shopping_cart/pgm-shopping_css.inc.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
soholaunch soholaunch pro edition 4.9_r36 |