N/A

PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.

N/A

N/A

SmartSiteCMS多个远程文件包含漏洞

SmartSiteCMS 1.0及之前版本存在PHP远程文件包含漏洞。当register_globals启用时，远程攻击者可以借助 (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, 以及 (5) admin/include/inc_adminfoot.php中的root 参数，执行任意PHP代码。

N/A

N/A