Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cardway digitalwebshop 1.110 |
||
cardway digitalwebshop 1.120 |
||
cardway digitalwebshop 1.128 |