CVE-2009-3424
Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 isprojectPath parameter to includes/InstantSite/inc.isroot.php; GLOBALSthCMSroot parameter to 2 classes/class.Tree.php, 3...