2 matches found
CVE-2006-3997
PHP remote file inclusion vulnerability in hsList.php in WoWRoster aka World of Warcraft Roster 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter...
CVE-2006-3997
WoWRoster (World of Warcraft Roster) before 1.5.x is affected by a PHP remote file inclusion in hsList.php, exploitable via the subdir parameter to execute arbitrary PHP code on the affected server. This vulnerability arises in WoWRoster’s handling of user-supplied URLs and could allow remote cod...