Remote file inclusion

PHP remote file inclusion vulnerability in lib/headauth.php in GROUP-E 1.6.41 allows remote attackers to execute arbitrary PHP code via a URL in the CFGPREPENDFILE parameter...

CVE-2008-1074

CVE-2008-1074 affects GROUP-E 1.6.41, where lib/head_auth.php fails to validate CFG[PREPEND_FILE], enabling remote inclusion of arbitrary files and potential PHP code execution. Root cause: inadequate input validation for the PREPEND_FILE parameter leading to local/remote file inclusion. Impact: ...