CVE-2007-2456
CVE-2007-2456 affects FireFly 1.1.01 with multiple PHP remote file inclusion vulnerabilities. The flaw allows an attacker to execute arbitrary PHP code by supplying a URL in the doc_root parameter to (1) localize.php or (2) config.php under modules/admin/include/. CVSSv2 base score is 7.5 (HIGH) ...