PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://securityreason.com/securityalert/410 | third party advisory |
| http://www.osvdb.org/22921 | vdb entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24479 | vdb entry |
| http://retrogod.altervista.org/loudblog_04_incl_xpl.html | exploit |
| http://securityreason.com/securityalert/556 | third party advisory |
| http://secunia.com/advisories/18722 | third party advisory vendor advisory |
| http://securitytracker.com/id?1015583 | vdb entry |
| http://www.securityfocus.com/bid/16495 | vdb entry |
| http://www.vupen.com/english/advisories/2006/0441 | vdb entry vendor advisory |
| http://www.securityfocus.com/archive/1/423947/100/0/threaded | mailing list |