Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x prior to 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sourcefabric newscoop 3.5.0 |
||
sourcefabric newscoop 4.0 |
||
sourcefabric newscoop 3.5.2 |
||
sourcefabric newscoop 3.5.4 |
||
sourcefabric newscoop 3.5.3 |
||
sourcefabric newscoop 3.5.1 |