Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
unak unak cms 1.5 |
||
unak unak cms 1.5_rc1 |