CVE-2007-6488
Falcon Series One CMS 1.4.3 is affected by multiple PHP remote file inclusion vulnerabilities. An attacker can cause arbitrary PHP code execution by providing a URL in (1) dir[classes] to sitemap.xml.php or (2) error to errors.php. The underlying issue is insecure handling of user-supplied URLs l...