Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 up to and including 3.0.b3 allow remote malicious users to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spiffyjr phpraid 3.0.b3 |
||
spiffyjr phpraid 3.0.b1 |
||
spiffyjr phpraid 3.0.b2 |
||
spiffyjr phpraid 2.9.5 |