Remote file inclusion

2008-08-2216:41:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.2%

JSON

PHP remote file inclusion vulnerability in admin/create_order_new.php in Freeway 1.4.1.171, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the include_page parameter.

CPENameOperatorVersion
freewayeq1.4.1.171

CPE	Name	Operator	Version
	freeway	eq	1.4.1.171

References

secunia.com/advisories/31475

securityreason.com/securityalert/4181

www.openfreeway.org/download/change-log.html

www.securityfocus.com/archive/1/495549/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/45036