Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://wiclear.free.fr/?Download | |
| http://www.osvdb.org/29944 | vdb entry |
| http://www.vupen.com/english/advisories/2006/4166 | vdb entry vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/29720 | vdb entry |
| http://www.osvdb.org/29948 | vdb entry |
| http://www.osvdb.org/29943 | vdb entry |
| http://www.osvdb.org/29947 | vdb entry |
| http://www.osvdb.org/29945 | vdb entry |
| http://secunia.com/advisories/22547 | third party advisory vendor advisory |
| http://www.osvdb.org/29946 | vdb entry |
| https://www.exploit-db.com/exploits/2624 | exploit |
| http://www.osvdb.org/29949 | vdb entry |
| http://wiclear.free.fr/ | |
| http://www.osvdb.org/29942 | vdb entry |