PHP remote file inclusion vulnerability in photo_comment.php in Exhibit Engine 1.5 RC 4 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the toroot parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exhibit engine exhibit engine 1.22 |
||
exhibit engine exhibit engine 1.5_rc4 |