PHP remote file inclusion vulnerability in HotNews 0.7.2 and previous versions allows remote malicious users to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hotnews hotnews 0.7.2 |
||
hotnews hotnews 0.6.0 |
||
hotnews hotnews 0.6.0_pre |
||
hotnews hotnews 0.6.1 |
||
hotnews hotnews 0.7.0 |
||
hotnews hotnews 0.7.1 |
||
hotnews hotnews 0.5.3 |