Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and previous versions, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dreamcost dreamaccount |