Paul M. Jones Savant2 多个PHP远程文件包含漏洞

Paul M. Jones Savant2存在多个PHP远程文件包含漏洞，可能在与Mambo和Joomla软件的com_mtree组件一起使用时，远程攻击者可借助以下脚本的mosConfig_absolute_path参数中的URL执行任意PHP代码：(1) Savant2_Plugin_stylesheet.php， (2) Savant2_Compiler_basic.php， (3) Savant2_Error_pear.php， (4) Savant2_Error_stack.php， (5) Savant2_Filter_colorizeCode.php， (6) Savant2_Filter_trimwhitespace.php， (7) Savant2_Plugin_ahref.php， (8) Savant2_Plugin_ahrefcontact.php， (9) Savant2_Plugin_ahreflisting.php， (10) Savant2_Plugin_ahreflistingimage.php， (11) Savant2_Plugin_ahrefmap.php， (12) Savant2_Plugin_ahrefownerlisting.php， (13) Savant2_Plugin_ahrefprint.php， (14) Savant2_Plugin_ahrefrating.php， (15) Savant2_Plugin_ahrefrecommend.php， (16) Savant2_Plugin_ahrefreport.php， (17) Savant2_Plugin_ahrefreview.php， (18) Savant2_Plugin_ahrefvisit.php， (19) Savant2_Plugin_checkbox.php， (20) Savant2_Plugin_cycle.php， (21) Savant2_Plugin_dateformat.php， (22) Savant2_Plugin_editor.php， (23) Savant2_Plugin_form.php， (24) Savant2_Plugin_image.php， (25) Savant2_Plugin_input.php， (26) Savant2_Plugin_javascript.php， (27) Savant2_Plugin_listalpha.php， (28) Savant2_Plugin_listingname.php， (29) Savant2_Plugin_modify.php， (30) Savant2_Plugin_mtpath.php， (31) Savant2_Plugin_options.php， (32) Savant2_Plugin_radios.php， (33) Savant2_Plugin_rating.php， 或 (34) Savant2_Plugin_textarea.php。