N/A

Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php

N/A

N/A

phpXmms 安全漏洞

phpXmms是运行中的 XMMS/Icecast 服务器的 Web 前端。它允许用户远程跳过、暂停、播放和添加歌曲。 phpXmms 1.0 中的多个 PHP 远程文件存在安全漏洞，允许远程攻击者通过 (1) phpxmmsb.php 或 (2) phpxmmst.php 的 tcmdp 参数中的 URL 执行任意 PHP 代码。

N/A

N/A