VULHUB ™

Grayscale BandSite CMS 1.1.1存在多个PHP远程文件包含漏洞。register_globals启用时，远程攻击者可以借助对(1) includes/content/contact_content.php;包括(2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php的adminpanel/includes/add_forms/ 中的多个文件； (19) adminpanel/includes/mailinglist/disphtmltbl.php,以及(20) adminpanel/includes/mailinglist/dispxls.php的 root_path 参数中的URL，执行任意PHP代码。

Grayscale BandSite CMS 1.1.1存在多个PHP远程文件包含漏洞。register_globals启用时，远程攻击者可以借助对(1) includes/content/contact_content.php;包括(2) addbioform.php, (3) addfliersform.php, (4) addgenmerchform.php, (5) addinterviewsform.php, (6) addlinksform.php, (7) addlyricsform.php, (8) addmembioform.php, (9) addmerchform.php, (10) addmerchpicform.php, (11) addnewsform.php, (12) addphotosform.php, (13) addreleaseform.php, (14) addreleasepicform.php, (15) addrelmerchform.php, (16) addreviewsform.php, (17) addshowsform.php, (18) addwearmerchform.php的adminpanel/includes/add_forms/ 中的多个文件； (19) adminpanel/includes/mailinglist/disphtmltbl.php,以及(20) adminpanel/includes/mailinglist/dispxls.php的 root_path 参数中的URL，执行任意PHP代码。