Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, © setcookie.php, (d) sendpm.php, (e) search.php, (f) register.php, (g) profile.php, (h) post.php, (i) pmpshow.php, (j) pm.php, (k) ntopic.php, (l) nreply.php, (m) news.php, (n) memberslist.php, (o) logout.php, (p) login.php, (q) index.php, ® help.php, (s) forum.php, (t) error.php, (u) editpost.php, (v) delpost.php, (w) delpm.php, (x) confirm.php, (y) board.php, (z) admin2.php, (aa) admin.php, or (bb) templates/pb/css/formstyles.php; or the (2) temppath parameter to (a) useronline.php, © setcookie.php, (e) search.php, (f) register.php, (h) post.php, (l) nreply.php, (m) news.php, (o) logout.php, (p) login.php, (q) index.php, ® help.php, (s) forum.php, (t) error.php, (w) delpm.php, (x) confirm.php, or (y) board.php.
osvdb.org/38759
osvdb.org/38760
osvdb.org/38761
osvdb.org/38762
osvdb.org/38763
osvdb.org/38764
osvdb.org/38765
osvdb.org/38766
osvdb.org/38767
osvdb.org/38768
osvdb.org/38769
osvdb.org/38770
osvdb.org/38771
osvdb.org/38772
osvdb.org/38773
osvdb.org/38774
osvdb.org/38775
osvdb.org/38776
osvdb.org/38777
osvdb.org/38778
osvdb.org/38779
osvdb.org/38780
osvdb.org/38781
osvdb.org/38782
osvdb.org/38783
osvdb.org/38784
osvdb.org/38785
osvdb.org/38786
securityreason.com/securityalert/2777
www.securityfocus.com/archive/1/470239/100/0/threaded
www.securityfocus.com/archive/1/470347/100/0/threaded
exchange.xforce.ibmcloud.com/vulnerabilities/34675