Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
johannes erdfelt kawf |