Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote malicious users to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
post revolution post revolution 7.0_rc2 |
||
post revolution post revolution 6.6 |