PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and previous versions allows remote malicious users to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded.
Vulnerable Product |
---|
korweblog korweblog 1.6.2cvs |
korweblog korweblog 1.6.1 |