CVE-2007-0986

2007-02-16T11:28:00
ID CVE-2007-0986
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:35:00

Description

PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled and that "allow_url_fopen" is enabled. This vulnerability requires that Jupiter CMS 1.1.5 is used with PHP 5.0.0 or later.