VULHUB ™

Kaqoo Auction Software免费版中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到include/core/中的(1)support.inc.php,(2) function.inc.php,(3)rdal_object.inc.php,(4)rdal_editor.inc.php.(5)login.inc.php,(6)request.inc.php和(7)categories.inc.php；include/display/item/中的(8)save.inc.php,(9)preview.inc.php,(10)edit_item.inc.php,(11)new_item.inc.php和(12)item_info.inc.php；include/display/中的(13)search.inc.php,(14)item_edit.inc.php,(15)register_succsess.inc.php,(16)context_menu.inc.php,(17) item_repost.inc.php,(18)balance.inc.php,(19)featured.inc.php,(20)user.inc.php,(21)buynow.inc.php,(22)install_complete.inc.php,(23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php,(29)add_bid.inc.php,(30)items_filter.inc.php,(31)my_info.inc.php,(32)register.inc.php,(33)leave_feedback.inc.php和(34) user_auctions.inc.php；include/中的(35)design/form.inc.php,(36)processor.inc.php,(37)interfaces.inc.php，(38)left_menu.inc.php,(39)...

Kaqoo Auction Software免费版中存在多个PHP远程文件包含漏洞。远程攻击者可以借助提交到include/core/中的(1)support.inc.php,(2) function.inc.php,(3)rdal_object.inc.php,(4)rdal_editor.inc.php.(5)login.inc.php,(6)request.inc.php和(7)categories.inc.php；include/display/item/中的(8)save.inc.php,(9)preview.inc.php,(10)edit_item.inc.php,(11)new_item.inc.php和(12)item_info.inc.php；include/display/中的(13)search.inc.php,(14)item_edit.inc.php,(15)register_succsess.inc.php,(16)context_menu.inc.php,(17) item_repost.inc.php,(18)balance.inc.php,(19)featured.inc.php,(20)user.inc.php,(21)buynow.inc.php,(22)install_complete.inc.php,(23) fees_info.inc.php, (24) user_feedback.inc.php, (25) admin_balance.inc.php, (26) activate.inc.php, (27) user_info.inc.php, (28) member.inc.php,(29)add_bid.inc.php,(30)items_filter.inc.php,(31)my_info.inc.php,(32)register.inc.php,(33)leave_feedback.inc.php和(34) user_auctions.inc.php；include/中的(35)design/form.inc.php,(36)processor.inc.php,(37)interfaces.inc.php，(38)left_menu.inc.php,(39) login.inc.php和(40)categories.inc.php的install_root 参数中的一个URL，执行任意的PHP代码。