PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote malicious users to include arbitrary local files via the siteurl parameter when register_globals is enabled. NOTE: It was later reported that PHPFanBase 2.2 is also affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codegrrl phpclique |
||
codegrrl phpfanbase |
||
codegrrl phpquotes |
||
codegrrl phpcalendar |
||
codegrrl phpcurrently |