PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote malicious users to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized before use.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owl owl intranet engine 0.6 |
||
owl owl intranet engine 0.72 |
||
owl owl intranet engine 0.73 |
||
owl owl intranet engine 0.8 |
||
owl owl intranet engine 0.82 |