PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
Software | From | Fixed in |
---|---|---|
allmylinks_project / allmylinks | 0.3 | 0.3.x |
allmylinks_project / allmylinks | 0.4 | 0.4.x |
allmylinks_project / allmylinks | 0.4.1 | 0.4.1.x |
allmylinks_project / allmylinks | 0.4.3 | 0.4.3.x |
allmylinks_project / allmylinks | 0.4.4 | 0.4.4.x |
allmylinks_project / allmylinks | 0.4.9 | 0.4.9.x |
allmylinks_project / allmylinks | 0.5 | 0.5.x |
allmyguests_project / allmyguests | 0.1.2 | 0.1.2.x |
allmyguests_project / allmyguests | 0.3 | 0.3.x |
allmyguests_project / allmyguests | 0.4 | 0.4.x |
allmyguests_project / allmyguests | 0.4.1 | 0.4.1.x |
allmyvisitors_project / allmyvisitors | 0.3 | 0.3.x |
allmyvisitors_project / allmyvisitors | 0.4 | 0.4.x |